Vulnerability Details : CVE-2022-36130
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
Vulnerability category: Gain privilege
Products affected by CVE-2022-36130
- cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36130
- Probability of exploitation activity in the next 30 days: 0.18%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~37%
CVSS scores for CVE-2022-36130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.9 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 3.1 | 6.0 | NIST | |
CWE ids for CVE-2022-36130
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-36130
- https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493
  HCSEC-2022017 - Boundary Allowed Access To Host Sets And Credential Sources For Authorized Users Of Another Scope - Security - HashiCorp Discuss (Vendor Advisory)
- https://discuss.hashicorp.com
  HashiCorp Discuss (Vendor Advisory)