CVE-2024-56802

High CVSS 8.7

Overview

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

CWE: CWE-285 Published: 2024-12-31T16:15:28.240

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.7 (HIGH)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags