Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HHashicorp Boundary
APPHashicorp0.8.0 – 0.16.4 (bez)0.17.0 – 0.17.3 (bez)0.18.0 – 0.18.2 (bez)
Powiązane podatności
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were as...
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...
HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit