Learn about CVE-2021-3035, an unsafe deserialization vulnerability in Bridgecrew Checkov that allows code execution. Find out about the impact, mitigation steps, and available fixes.
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when Checkov processes a malicious Terraform file. The vulnerability affects Checkov 2.0 versions earlier than 2.0.26; Checkov 1.0 versions are not affected.
Understanding CVE-2021-3035
This CVE tracks an unsafe deserialization vulnerability in Bridgecrew Checkov, the infrastructure-as-code scanner, affecting the 2.0 release line before 2.0.26.
What is CVE-2021-3035?
The vulnerability allows arbitrary code execution when a malicious Terraform file is processed by Bridgecrew Checkov versions prior to 2.0.26. The code runs in the context of the process performing the scan, which in a typical deployment is a developer workstation or a CI job.
The Impact of CVE-2021-3035
This issue has a CVSS v3.1 base score of 6.7, with high confidentiality and integrity impact.
Technical Details of CVE-2021-3035
This section provides more in-depth technical information regarding the vulnerability.
Vulnerability Description
The vulnerability stems from Checkov deserializing content taken from the Terraform file it is scanning without treating that content as untrusted, so attacker-controlled data in a Terraform file can be turned into executed code. The advisory does not describe the exact deserialization primitive involved.
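The general shape of such a bug, as an added illustration for this page rather than Checkov's own parser code: a hypothetical scanner turns attribute values from an HCL-like file into Python objects. The advisory does not say which primitive Checkov used, so the unsafe variant here assumes `eval()` as a stand-in for "unsafe deserialization of file content"; the hardened variant uses `ast.literal_eval`, which accepts only literals. The sample file `SAMPLE_TF` is constructed for the example, and its last attribute embeds a (harmless) `os.getpid()` call to show that the unsafe parser really executes whatever the file author wrote.

```python
"""Contrast between an unsafe and a safe way of turning attribute values
from an HCL-like file into Python objects.  Hypothetical example written
for this page; it is not Checkov's parser and handles only a toy format."""
import ast
import re

# Constructed sample input: one attribute per line, "name = <literal>".
# The last line's "literal" is really a Python expression.
SAMPLE_TF = """\
region = "us-east-1"
count  = 3
tags   = ["web", "prod"]
name   = [1, 2, __import__('os').getpid()]
"""

_LINE = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")


def _attributes(text):
    """Yield (name, raw_value) pairs from the toy format above."""
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            yield m.group(1), m.group(2)


def parse_unsafe(text):
    """Unsafe: eval() executes any expression embedded in an attribute
    value, so the author of the scanned file controls what runs here."""
    return {k: eval(v) for k, v in _attributes(text)}  # deliberately unsafe


def parse_safe(text):
    """Safe: ast.literal_eval accepts only Python literals (strings,
    numbers, lists, dicts, ...).  A value that is not a plain literal is
    kept as its raw string so the scanner can still report on it, and
    no code from the file is ever executed."""
    out = {}
    for k, v in _attributes(text):
        try:
            out[k] = ast.literal_eval(v)
        except (ValueError, SyntaxError):
            out[k] = v
    return out


if __name__ == "__main__":
    print("safe parse  :", parse_safe(SAMPLE_TF))
    print("unsafe parse:", parse_unsafe(SAMPLE_TF))
```

Both parsers agree on the three benign attributes; they differ only on `name`, where the unsafe one runs the embedded call and the safe one refuses to interpret it. The same discipline applies to any deserializer a scanner points at repository content: use a format-specific, literal-only loader and treat the file as hostile input.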
Affected Systems and Versions
Checkov 2.0 versions before 2.0.26 are impacted, while Checkov 1.0 remains unaffected.
Exploitation Mechanism
An attacker only needs to get a crafted Terraform file in front of a vulnerable Checkov, for example by opening a pull request against a repository that Checkov scans automatically in CI. No malicious exploitation had been reported at the time of the advisory, but the outcome of a successful attack is arbitrary code execution on the scanning host.
Mitigation and Prevention
Here are some steps to mitigate the risks associated with CVE-2021-3035.
Immediate Steps to Take
Until Checkov is upgraded, avoid running it on Terraform files from untrusted sources, including pull requests from external contributors that trigger automated scans.
Long-Term Security Practices
Ensure that all instances of Checkov, including copies installed in CI images and pre-commit hooks, are updated to version 2.0.26 or later, and pin that minimum version so older releases are not reintroduced.
Patching and Updates
The issue is resolved in Checkov version 2.0.26 and all subsequent releases.
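To confirm which side of the fix an installation is on, the following check encodes the affected range stated above (the 2.0 line from 2.0.0 up to but not including 2.0.26; 1.x and 2.1+ are not affected). It is an added example for this page, not a Bridgecrew or Checkov tool; `installed_checkov_status()` reads the version of the `checkov` package from Python package metadata if it is installed in the current environment.

```python
"""Decide whether a Checkov version is affected by CVE-2021-3035.
Added example for this page, not a Bridgecrew or Checkov utility."""
import re
from importlib import metadata

AFFECTED_FROM = (2, 0, 0)   # first release of the affected 2.0 line
FIXED_IN = (2, 0, 26)       # first fixed release per the advisory


def parse_version(version):
    """Turn '2.0.25' (or '2.0') into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(version):
    """True only for 2.0.x releases older than 2.0.26."""
    return AFFECTED_FROM <= parse_version(version) < FIXED_IN


def installed_checkov_status():
    """Return (version, affected) for the checkov package in this
    environment, or (None, None) if it is not installed."""
    try:
        version = metadata.version("checkov")
    except metadata.PackageNotFoundError:
        return None, None
    return version, is_affected(version)


if __name__ == "__main__":
    version, affected = installed_checkov_status()
    if version is None:
        print("checkov is not installed in this environment")
    else:
        state = "AFFECTED" if affected else "not affected"
        print(f"checkov {version}: {state} by CVE-2021-3035")
```

If the check reports an affected version, upgrading the PyPI package with `pip install --upgrade "checkov>=2.0.26"` moves the installation onto a fixed release.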