cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12289,https://securityvulnerability.io/vulnerability/CVE-2024-12289,Boundary Vulnerability May Cause Premature Server Termination,"During the initialization of the Boundary controller, Boundary Community Edition and Boundary Enterprise exhibit improper handling of HTTP requests. This flaw can lead to premature termination of the Boundary server, occurring within milliseconds during the startup process. Effective patches have been introduced in versions 0.16.4, 0.17.3, and 0.18.2 to address this issue, mitigating potential denial of service scenarios. Organizations using affected versions are encouraged to upgrade promptly to maintain operational stability and security.",Hashicorp,"Boundary,Boundary Enterprise",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-12T22:42:01.595Z,0
CVE-2024-1052,https://securityvulnerability.io/vulnerability/CVE-2024-1052,TLS Certificate Tampering Vulnerability in Boundary Enterprise,"Boundary and Boundary Enterprise by HashiCorp are susceptible to session hijacking due to vulnerabilities associated with TLS certificate tampering. An attacker with the capability to enumerate active or pending sessions may obtain a private key linked to a session and a valid trust on first use (TOFU) token. Leveraging this information, the attacker can craft a malicious TLS certificate to hijack an active session, leading to unauthorized access to the underlying services or applications. This vulnerability poses a significant risk to users and necessitates immediate attention.",Hashicorp,"Boundary,Boundary Enterprise",8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2024-02-05T20:43:53.939Z,0
CVE-2023-0690,https://securityvulnerability.io/vulnerability/CVE-2023-0690,Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured,"A vulnerability in HashiCorp Boundary versions 0.10.0 through 0.11.2 can lead to credentials being stored in plaintext. When using a PKI-based worker with a configured Key Management Service (KMS), new credentials created after automatic rotation may not be encrypted as intended, resulting in sensitive information being written to disk without adequate protection. This severe oversight necessitates immediate attention, as it can expose critical credentials to unauthorized access.",HashiCorp,Boundary,7.1,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-08T19:15:00.000Z,0
CVE-2022-36182,https://securityvulnerability.io/vulnerability/CVE-2022-36182,Clickjacking Vulnerability in Hashicorp Boundary Software,"Hashicorp Boundary v0.8.0 is susceptible to a clickjacking vulnerability, which can enable attackers to intercept login credentials. This security flaw may allow malicious actors to redirect users to harmful sites or compel users to execute undesirable actions within the application. By leveraging this vulnerability, attackers can compromise user accounts and manipulate user behavior, posing significant risks to data integrity and security.",Hashicorp,Boundary,6.1,MEDIUM,0.000859999970998615,false,,false,false,false,,,false,false,,2022-10-27T00:00:00.000Z,0
CVE-2022-36130,https://securityvulnerability.io/vulnerability/CVE-2022-36130,Privilege Escalation Vulnerability in HashiCorp Boundary,"HashiCorp Boundary versions prior to 0.10.2 exhibit a vulnerability where data integrity checks were inadequately performed. This oversight permitted authorized users to gain access to resources associated with different scopes, leading to a potential privilege escalation scenario. The issue was addressed in version 0.10.2, which rectified the integrity checks, enhancing the security posture of the application.",Hashicorp,Boundary,9.9,CRITICAL,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-09-01T01:45:00.000Z,0