HashiCorp Boundary
By the Year
In 2023 there have been 1 vulnerability in HashiCorp Boundary with an average score of 7.1 out of ten. Last year Boundary had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Boundary in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.90
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 7.10 |
| 2022 | 2 | 8.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Boundary vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent HashiCorp Boundary Security Vulnerabilities
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted
CVE-2023-0690
7.1 - High
- February 08, 2023
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI workers disk. This issue is fixed in version 0.12.0.
Missing Encryption of Sensitive Data
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which
CVE-2022-36182
6.1 - Medium
- October 27, 2022
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
Clickjacking
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes
CVE-2022-36130
9.9 - Critical
- September 01, 2022
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
Insufficient Verification of Data Authenticity
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for HashiCorp Boundary or by HashiCorp? Click the Watch button to subscribe.
