Vulnerabilities (CVE)

Filtered by vendor Hashicorp Subscribe
Filtered by product Boundary
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-1052 1 Hashicorp 1 Boundary 2024-11-21 N/A 8.0 HIGH
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
CVE-2023-0690 1 Hashicorp 1 Boundary 2024-11-21 N/A 5.0 MEDIUM
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.
CVE-2022-36182 1 Hashicorp 1 Boundary 2024-11-21 N/A 6.1 MEDIUM
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2022-36130 1 Hashicorp 1 Boundary 2024-11-21 N/A 9.9 CRITICAL
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.