Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NHashicorp Boundary
APPHashicorp< 0.11.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2022-36130CRITICAL9.9ten sam produkt
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were as...
CVE-2024-1052HIGH8.0ten sam produkt
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampe...
CVE-2024-12289MEDIUM5.9ten sam produkt
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the in...
CVE-2023-0690MEDIUM5.0ten sam produkt
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...
CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor
HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit