Lucene search

MitreCVE-2022-36130

HistorySep 01, 2022 - 2:15 a.m.

CVE-2022-36130

2022-09-0102:15:07

CWE-345

mitre

web.nvd.nist.gov

cve-2022-36130

hashicorp boundary

data integrity check

privilege escalation

nvd

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

Affected configurations

Nvd

Node

hashicorpboundaryRange<0.10.2

VendorProductVersionCPE
hashicorpboundary*cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hashicorp	boundary	*	cpe:2.3:a:hashicorp:boundary::::::::

References

discuss.hashicorp.com

discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493

Social References

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

Related for CVE-2022-36130