MEDIUM🇬🇧 English

CVE-2024-12289

CVSS 5.9v3.1pub. 2024-12-12upd. 2025-12-29

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Hashicorp Boundary

    APP
    Hashicorp
    0.8.0 – 0.16.4 (bez)0.17.0 – 0.17.3 (bez)0.18.0 – 0.18.2 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2022-36130CRITICAL9.9ten sam produkt

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were as...

CVE-2024-1052HIGH8.0ten sam produkt

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...

CVE-2023-0690MEDIUM5.0ten sam produkt

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...

CVE-2022-36182MEDIUM6.1ten sam produkt

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...

CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit

CVE-2024-12289 — MEDIUM 5.9 | CVEbaza.pl