4 matches found
CVE-2023-0690
HashiCorp Boundary is affected from 0.10.0 through 0.11.2 when using a PKI-based worker with a KMS defined in the config. New credentials created after automatic rotation may not have been encrypted by the intended KMS, resulting in plaintext on the Boundary PKI worker’s disk. The issue is fixed ...
CVE-2023-0690 Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service KMS defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the...
CVE-2023-0690 Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service KMS defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the...
Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured
Summary A vulnerability in Boundary was identified such that when a Key Management Service KMS was defined in Boundary’s configuration file with the intent of using the KMS to encrypt the credentials stored on disk, new credentials created after an automatic rotation may not have been encrypted v...