CVE-2022-36130

9.9CRITICAL

Key Information

Vendor: Hashicorp
Status: Boundary
Vendor: CVE Published:; 1 September 2022

Summary

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Sep 1, 2022
Vulnerability Reserved.
Jul 18, 2022

Collectors

NVD DatabaseMitre Database