HIGH🇵🇱 Wersja polska

CVE-2024-1052

CVSS 8.0v3.1pub. 2024-02-05upd. 2024-11-21

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Hashicorp Boundary

    APP
    Hashicorp
    0.8.0 – 0.15.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-36130CRITICAL9.9ten sam produkt

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were as...

CVE-2024-12289MEDIUM5.9ten sam produkt

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the in...

CVE-2023-0690MEDIUM5.0ten sam produkt

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key ...

CVE-2022-36182MEDIUM6.1ten sam produkt

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials,...

CVE-2025-6000CRITICAL9.1PL ✓ten sam vendor

HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit