Description
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
Vulnerable configurations
Configuration 1: versions from 0.8.0 (inclusive) to 0.15.0 (exclusive)
cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
EPSS: 0.00303 (Low), percentile: 53%
CVSS3: 8 High
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 8
github
about 2 years ago
Boundary vulnerable to session hijacking through TLS certificate tampering