Lucene search
Veracode Vulnerability DatabaseVERACODE:39241HistoryFeb 13, 2023 - 2:06 a.m.
Information Disclosure
2023-02-1302:06:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
github boundary vulnerability encryption sensitive information
0.0004 Low
EPSS
Percentile
9.0%
github.com/hashicorp/boundary is vulnerable to Information Disclosure. The vulnerability exists because the new credentials created after an automatic rotation may not have been encrypted via the intended KMS, allowing an attacker to gain sensitive information through the worker’s disk.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/boundary | le | v0.11.2 | |
| github.com/hashicorp/boundary | le | v0.11.2 |
References
discuss.hashicorp.com/t/hcsec-2023-03-boundary-workers-store-rotated-credentials-in-plaintext-even-when-key-management-service-configured/49907
discuss.hashicorp.com/t/hcsec-2023-03-boundary-workers-store-rotated-credentials-in-plaintext-even-when-key-management-service-configured/49907/1
github.com/hashicorp/boundary/commit/bd4f5f380197eff9e7963290a2947c4dcd992af1
github.com/hashicorp/boundary/pull/2484
Related
osv
osv
CVE-2023-0690
2023-02-08 19:15:11
cve
cve
CVE-2023-0690
2023-02-08 19:15:11
cvelist
cvelist
github
github
nvd
nvd
CVE-2023-0690
2023-02-08 19:15:11
prion
prion
Design/Logic Flaw
2023-02-08 19:15:00