CVE-2024-12289
- EPSS 0.16%
- Veröffentlicht 12.12.2024 23:15:10
- Zuletzt bearbeitet 12.12.2024 23:15:10
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this f...
- EPSS 0.3%
- Veröffentlicht 05.02.2024 21:15:11
- Zuletzt bearbeitet 21.11.2024 08:49:41
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid ...
CVE-2023-0690
- EPSS 0.02%
- Veröffentlicht 08.02.2023 19:15:11
- Zuletzt bearbeitet 21.11.2024 07:37:38
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted ...
CVE-2022-36182
- EPSS 0.15%
- Veröffentlicht 27.10.2022 13:15:10
- Zuletzt bearbeitet 07.05.2025 18:15:34
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2022-36130
- EPSS 0.17%
- Veröffentlicht 01.09.2022 02:15:07
- Zuletzt bearbeitet 21.11.2024 07:12:27
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.