CRITICAL🇵🇱 Wersja polska

CVE-2022-36130

CVSS 9.9v3.1pub. 2022-09-01upd. 2024-11-21

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Hashicorp Boundary

    APP
    Hashicorp
    < 0.10.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2024-1052HIGH8.0ten sam produkt

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...

CVE-2024-12289MEDIUM5.9ten sam produkt

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the in...

CVE-2023-0690MEDIUM5.0ten sam produkt

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...

CVE-2022-36182MEDIUM6.1ten sam produkt

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...

CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit