8
CVE-2024-1052
- EPSS 0.3%
- Veröffentlicht 05.02.2024 21:15:11
- Zuletzt bearbeitet 21.11.2024 08:49:41
- Quelle security@hashicorp.com
- CVE-Watchlists
- Unerledigt
LoginBoundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.531 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 1.3 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
|
| security@hashicorp.com | 8 | 1.3 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.