CVE-2024-12289

Опубликовано: 12 дек. 2024

Источник: nvd

CVSS3: 5.9

EPSS Низкий

Описание

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.

This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

Ссылки

https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Версия от 0.8.0 (включая) до 0.16.4 (исключая)

cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Версия от 0.17.0 (включая) до 0.17.3 (исключая)

cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Версия от 0.18.0 (включая) до 0.18.2 (исключая)

EPSS

Процентиль: 60%

0.00392

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-460

CWE-665

Связанные уязвимости

GHSA-xx83-cxmq-x89m

CVSS3: 5.9

github

около 1 года назад

Boundary Community Edition Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

EPSS

Процентиль: 60%

0.00392

Низкий

5.9 Medium

CVSS3

Дефекты

CWE-460

CWE-665