5 matches found
CVE-2022-36182
CVE-2022-36182 concerns Hashicorp Boundary v0.8.0 vulnerable to Clickjacking. The core issue is a framing-based attack that can intercept login credentials, redirect users to malicious sites, or enable users to perform unintended actions on the site. Reported data indicate the affected software, ...
CVE-2023-0690
HashiCorp Boundary is affected from 0.10.0 through 0.11.2 when using a PKI-based worker with a KMS defined in the config. New credentials created after automatic rotation may not have been encrypted by the intended KMS, resulting in plaintext on the Boundary PKI worker’s disk. The issue is fixed ...
CVE-2024-1052
Boundary and Boundary Enterprise are affected by CVE-2024-1052: session hijacking via TLS certificate tampering. The issue occurs when an attacker who can enumerate active/pending sessions, obtain a session private key, and possess a valid TOFU token can craft a TLS certificate to hijack an activ...
CVE-2022-36130
CVE-2022-36130 concerns HashiCorp Boundary prior to 0.10.2. The issue is improper data integrity checks that allow privilege escalation for authorized users of another scope, by misallocating resources to scopes. A fixed version is Boundary 0.10.2. In practice, this means upgrading to 0.10.2 miti...
CVE-2024-12289
CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...