CRITICAL🇬🇧 English

CVE-2022-36130

CVSS 9.9v3.1pub. 2022-09-01upd. 2024-11-21

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Hashicorp Boundary

    APP
    Hashicorp
    < 0.10.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2024-1052HIGH8.0ten sam produkt

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...

CVE-2024-12289MEDIUM5.9ten sam produkt

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the in...

CVE-2023-0690MEDIUM5.0ten sam produkt

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...

CVE-2022-36182MEDIUM6.1ten sam produkt

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...

CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit