HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com | Vendor Advisory |
https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-01T01:45:00
Updated: 2022-09-01T01:45:00
Reserved: 2022-07-18T00:00:00
Link: CVE-2022-36130
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-01T02:15:07.980
Modified: 2022-09-09T14:17:42.070
Link: CVE-2022-36130
JSON object: View
Redhat Information
No data.
CWE