Lucene search
+L
HashicorpBoundary

5 matches found

CVE
CVE
added 2022/10/27 12:0 a.m.70 views

CVE-2022-36182

CVE-2022-36182 concerns Hashicorp Boundary v0.8.0 vulnerable to Clickjacking. The core issue is a framing-based attack that can intercept login credentials, redirect users to malicious sites, or enable users to perform unintended actions on the site. Reported data indicate the affected software, ...

6.1CVSS6.2AI score0.00538EPSS
CVE
CVE
added 2023/02/08 6:27 p.m.69 views

CVE-2023-0690

HashiCorp Boundary is affected from 0.10.0 through 0.11.2 when using a PKI-based worker with a KMS defined in the config. New credentials created after automatic rotation may not have been encrypted by the intended KMS, resulting in plaintext on the Boundary PKI worker’s disk. The issue is fixed ...

7.1CVSS5.8AI score0.00437EPSS
CVE
CVE
added 2024/02/05 8:43 p.m.65 views

CVE-2024-1052

Boundary and Boundary Enterprise are affected by CVE-2024-1052: session hijacking via TLS certificate tampering. The issue occurs when an attacker who can enumerate active/pending sessions, obtain a session private key, and possess a valid TOFU token can craft a TLS certificate to hijack an activ...

8CVSS7.8AI score0.00294EPSS
CVE
CVE
added 2022/09/01 1:45 a.m.64 views

CVE-2022-36130

CVE-2022-36130 concerns HashiCorp Boundary prior to 0.10.2. The issue is improper data integrity checks that allow privilege escalation for authorized users of another scope, by misallocating resources to scopes. A fixed version is Boundary 0.10.2. In practice, this means upgrading to 0.10.2 miti...

9.9CVSS9.6AI score0.00417EPSS
CVE
CVE
added 2024/12/12 10:42 p.m.63 views

CVE-2024-12289

CVE-2024-12289 affects Boundary Community Edition and Boundary Enterprise. The issue occurs during initialization of the Boundary controller, where HTTP requests are mishandled and may cause the Boundary server to terminate prematurely. Fixed in Boundary 0.16.4, 0.17.3, and 0.18.2. Connected docu...

5.9CVSS5.6AI score0.00378EPSS