Hashicorp: >> Boundary >> 0.8.0 Security Vulnerabilities
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
CVSS Score
8.0
EPSS Score
0.003
Published
2024-02-05
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-10-27
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
CVSS Score
9.9
EPSS Score
0.002
Published
2022-09-01