exploitDog

CVE-2022-36130

Опубликовано: 01 сент. 2022

Источник: nvd

CVSS3: 9.9

EPSS Низкий

Описание

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

Ссылки

https://discuss.hashicorp.com
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493
Vendor Advisory
https://discuss.hashicorp.com
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Версия до 0.10.2 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

9.9 Critical

CVSS3

Дефекты

CWE-345

Связанные уязвимости

GHSA-h79m-9724-rw92

CVSS3: 9.9

github

больше 3 лет назад

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

EPSS

Процентиль: 38%

0.00168

Низкий

9.9 Critical

CVSS3

Дефекты

CWE-345