CVE-2024-56802

Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

CVSS

No CVSS.

References

Link	Resource
https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03
https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Tapir es un registro privado de Terraform. Las versiones 0.9.0 y 0.9.1 de Tapir enfrentan un problema crítico con las claves de implementación con alcance limitado, donde los atacantes pueden adivinar la clave para obtener acceso de escritura al registro. El usuario debe actualizar a la versión 0.9.2.

31 Dec 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-31 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-56802

Mitre link : CVE-2024-56802

CVE.ORG link : CVE-2024-56802

JSON object : View

Products Affected

No product.

CWE

CWE-285

Improper Authorization

{"id": "CVE-2024-56802", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-12-31T16:15:28.240", "references": [{"url": "https://github.com/PacoVK/tapir/commit/c36360b611fa0ba4f5e250fa43ecf8a294785a03", "source": "security-advisories@github.com"}, {"url": "https://github.com/PacoVK/tapir/security/advisories/GHSA-rj9m-qf65-f5gg", "source": "security-advisories@github.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-285"}]}], "descriptions": [{"lang": "en", "value": "Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2."}, {"lang": "es", "value": "Tapir es un registro privado de Terraform. Las versiones 0.9.0 y 0.9.1 de Tapir enfrentan un problema cr\u00edtico con las claves de implementaci\u00f3n con alcance limitado, donde los atacantes pueden adivinar la clave para obtener acceso de escritura al registro. El usuario debe actualizar a la versi\u00f3n 0.9.2."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security-advisories@github.com"}