Lucene search

GitHub Advisory DatabaseGHSA-VH73-Q3RW-QX7W

HistoryFeb 05, 2024 - 9:30 p.m.

Boundary vulnerable to session hijacking through TLS certificate tampering

2024-02-0521:30:31

CWE-295

GitHub Advisory Database

github.com

boundary enterprise

session hijacking

tls certificate

tampering

attacker privileges

private key

trust on first use

tofu token

active session

underlying service

application

software

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

19.3%

JSON

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Affected configurations

Vulners

Node

hashicorpboundaryRange0.8.0–0.15.0

VendorProductVersionCPE
hashicorpboundary*cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hashicorp	boundary	*	cpe:2.3:a:hashicorp:boundary::::::::

References

discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458

github.com/advisories/GHSA-vh73-q3rw-qx7w

nvd.nist.gov/vuln/detail/CVE-2024-1052

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

Confidence

Low

EPSS

0.001

Percentile

19.3%

JSON

Related for GHSA-VH73-Q3RW-QX7W