Arbitrary File Write Vulnerability in Terraform 1.0.8 - 1.5.6 during `init` Operation

Arbitrary File Write Vulnerability in Terraform 1.0.8 - 1.5.6 during `init` Operation

CVE-2023-4782 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7.

Learn more about our Web Application Penetration Testing UK.