Vulnerability Details CVE-2022-36130
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.5%
CVSS Severity
CVSS v3 Score 9.9
References
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493
Products affected by CVE-2022-36130
-
cpe:2.3:a:hashicorp:boundary:-
-
cpe:2.3:a:hashicorp:boundary:0.1.0
-
cpe:2.3:a:hashicorp:boundary:0.1.1
-
cpe:2.3:a:hashicorp:boundary:0.1.2
-
cpe:2.3:a:hashicorp:boundary:0.1.3
-
cpe:2.3:a:hashicorp:boundary:0.1.4
-
cpe:2.3:a:hashicorp:boundary:0.1.5
-
cpe:2.3:a:hashicorp:boundary:0.1.6
-
cpe:2.3:a:hashicorp:boundary:0.1.7
-
cpe:2.3:a:hashicorp:boundary:0.1.8
-
cpe:2.3:a:hashicorp:boundary:0.10.0
-
cpe:2.3:a:hashicorp:boundary:0.10.1
-
cpe:2.3:a:hashicorp:boundary:0.2.0
-
cpe:2.3:a:hashicorp:boundary:0.2.1
-
cpe:2.3:a:hashicorp:boundary:0.2.2
-
cpe:2.3:a:hashicorp:boundary:0.2.3
-
cpe:2.3:a:hashicorp:boundary:0.3.0
-
cpe:2.3:a:hashicorp:boundary:0.4.0
-
cpe:2.3:a:hashicorp:boundary:0.5.0
-
cpe:2.3:a:hashicorp:boundary:0.5.1
-
cpe:2.3:a:hashicorp:boundary:0.6.0
-
cpe:2.3:a:hashicorp:boundary:0.6.1
-
cpe:2.3:a:hashicorp:boundary:0.6.2
-
cpe:2.3:a:hashicorp:boundary:0.7.0
-
cpe:2.3:a:hashicorp:boundary:0.7.1
-
cpe:2.3:a:hashicorp:boundary:0.7.2
-
cpe:2.3:a:hashicorp:boundary:0.7.3
-
cpe:2.3:a:hashicorp:boundary:0.7.4
-
cpe:2.3:a:hashicorp:boundary:0.7.5
-
cpe:2.3:a:hashicorp:boundary:0.7.6
-
cpe:2.3:a:hashicorp:boundary:0.8.0
-
cpe:2.3:a:hashicorp:boundary:0.8.1
-
cpe:2.3:a:hashicorp:boundary:0.9.0
-
cpe:2.3:a:hashicorp:boundary:0.9.1