Vulnerabilities > Hashicorp > Boundary > 0.10.4

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-1052 Improper Certificate Validation vulnerability in Hashicorp Boundary
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering.
network
high complexity
hashicorp CWE-295
8.0
2023-02-08 CVE-2023-0690 Missing Encryption of Sensitive Data vulnerability in Hashicorp Boundary
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS.
local
low complexity
hashicorp CWE-311
7.1
2022-10-27 CVE-2022-36182 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hashicorp Boundary
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
network
low complexity
hashicorp CWE-1021
6.1