Loispostula

Name of the Vulnerable Software and Affected Versions: Tapir versions 0.9.0 through 0.9.1 Description: Tapir is a private Terraform registry. The issue concerns scope-able Deploykeys, where attackers can guess the key to gain write access to the registry. Recommendations: For versions 0.9.0 and 0.9.1, upgrade to version 0.9.2 to resolve the issue. As a temporary workaround, consider restricting access to the Deploykeys until the upgrade is applied.