MEDIUM🇵🇱 Wersja polska

CVE-2024-12289

CVSS 5.9v3.1pub. 2024-12-12upd. 2025-12-29

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Hashicorp Boundary

    APP
    Hashicorp
    0.8.0 – 0.16.4 (bez)0.17.0 – 0.17.3 (bez)0.18.0 – 0.18.2 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-36130CRITICAL9.9ten sam produkt

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were as...

CVE-2024-1052HIGH8.0ten sam produkt

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...

CVE-2023-0690MEDIUM5.0ten sam produkt

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...

CVE-2022-36182MEDIUM6.1ten sam produkt

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...

CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit