The version of terraform installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-36230 advisory.
– HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner.
Fixed in v202107-1. (CVE-2021-36230)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.Read More