CVE-2022-36130
Severity CVSS v4.0:
Pending analysis
Type:
CWE-345
Insufficient Verification of Data Authenticity
Publication date:
01/09/2022
Last modified:
09/09/2022
Description
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
Impact
Base Score 3.x
9.90
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:* | 0.10.2 (excluding) |
To consult the complete list of CPE names with products and versions, see this page



