Terraform OpenTofu Proxmox Provider Sudoers Path Traversal Vulnerability
Vulnerability
A vulnerability exists in the Terraform/OpenTofu Proxmox provider prior to version 0.93.1, where the SSH configuration documentation recommends an insecure sudoers line. Because that line permits path traversal out of the intended directory, it can be used to modify any file on the system. The issue has been addressed in version 0.93.1.
Impact
Exploitation of this vulnerability allows a user holding the Terraform account's privileges to gain root access on the Proxmox node by manipulating the sudoers configuration.
Reproduction
To reproduce this vulnerability, add the insecure sudoers line as recommended in the documentation. Then, using a Terraform user, execute a command that leverages the path traversal capability to write to the sudoers.d directory, effectively escalating privileges to root.
Remediation
Users are advised to update to Terraform OpenTofu Proxmox Provider version 0.93.1 or later. When configuring sudoers, restrict commands to specific subdirectories with strict filename patterns to prevent path traversal attacks.
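The remediation above hinges on how sudoers matches command arguments, so the following audit helper is added here to make that concrete; it is an example written for this page, not code from the advisory or from the provider project. It assumes two facts about sudo that are documented in sudoers(5): wildcards in command arguments are matched fnmatch-style and a '*' does match '/', which is why a directory-wide glob accepts a path that climbs back out with '..'; and sudo 1.9.10 or later accepts an anchored regular expression ('^...$') in place of a glob. Python's fnmatch.fnmatchcase and re.fullmatch are used to model those two matching modes. The directory name, the rule patterns and the probe paths are constructed sample data, not the provider's documented rule.

```python
"""Audit helper for sudoers command-argument patterns.

Added example; not part of the advisory or the provider project.
Assumptions (see lead-in): sudo matches argument globs like fnmatch with
'*' also matching '/', and sudo >= 1.9.10 treats '^...$' as a regex.
The allowed directory, patterns and probe paths below are constructed.
"""
import fnmatch
import posixpath
import re

# Directory the rule is meant to confine writes to (constructed sample value).
ALLOWED_ROOT = "/var/lib/vz/template/iso"


def arg_matches(pattern: str, arg: str) -> bool:
    """Model sudo's decision for one argument.

    An anchored '^...$' pattern is treated as a regex (sudo 1.9.10+);
    anything else is a sudoers glob, where '*' also matches '/'.
    """
    if pattern.startswith("^") and pattern.endswith("$"):
        return re.fullmatch(pattern[1:-1], arg) is not None
    return fnmatch.fnmatchcase(arg, pattern)


def escapes_root(path: str, root: str = ALLOWED_ROOT) -> bool:
    """True if the normalized path resolves outside the intended directory."""
    norm = posixpath.normpath(path)
    return not (norm == root or norm.startswith(root.rstrip("/") + "/"))


def audit_pattern(pattern: str, probes: list[str]) -> dict:
    """Report which probes a rule accepts, split by whether they escape the root.

    A rule is 'safe' only if no accepted argument normalizes to a location
    outside ALLOWED_ROOT.
    """
    accepted = [p for p in probes if arg_matches(pattern, p)]
    traversal = [p for p in accepted if escapes_root(p)]
    legitimate = [p for p in accepted if not escapes_root(p)]
    return {
        "pattern": pattern,
        "traversal_accepted": traversal,
        "legitimate_accepted": legitimate,
        "safe": not traversal,
    }


# Constructed probe arguments: one legitimate file plus paths that climb out.
PROBES = [
    "/var/lib/vz/template/iso/debian-12.iso",
    "/var/lib/vz/../../../etc/shadow",
    "/var/lib/vz/template/iso/../../../../etc/sudoers.d/zz",
    # Starts with an ordinary character, then climbs out: defeats a rule that
    # only constrains the first character of the filename with a class.
    "/var/lib/vz/template/iso/a/../../../../../../etc/sudoers.d/zz",
]

# Candidate rule argument patterns (constructed, not the provider's docs).
WEAK = "/var/lib/vz/*"                                   # directory-wide glob
CLASS_ONLY = "/var/lib/vz/template/iso/[A-Za-z0-9]*"      # class + glob, still weak
STRICT = r"^/var/lib/vz/template/iso/[A-Za-z0-9_.-]+\.iso$"  # anchored regex, no '/'


def audit_all(patterns: list[str] = (WEAK, CLASS_ONLY, STRICT)) -> dict:
    """Audit each candidate pattern and key the reports by pattern text."""
    return {p: audit_pattern(p, PROBES) for p in patterns}


if __name__ == "__main__":
    for report in audit_all().values():
        verdict = "OK  " if report["safe"] else "WEAK"
        print(f"{verdict} {report['pattern']}")
        for p in report["traversal_accepted"]:
            print(f"      accepts traversal: {p}")
```

The two glob rules are reported as weak because the trailing '*' consumes the '../' segments, while the anchored regex admits only a flat filename in the intended directory. The same check can be pointed at any sudoers argument pattern by passing it to audit_pattern together with a probe list for the directory the rule is meant to confine.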
