Количество 2
Количество 2
CVE-2024-1052
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
GHSA-vh73-q3rw-qx7w
Boundary vulnerable to session hijacking through TLS certificate tampering
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-1052 Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | CVSS3: 8 | 0% Низкий | около 2 лет назад |
| GHSA-vh73-q3rw-qx7w Boundary vulnerable to session hijacking through TLS certificate tampering | CVSS3: 8 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу