Vulnerability Description
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HashiCorp | Boundary | < 0.10.2 |
Related Weaknesses (CWE)
References
- https://discuss.hashicorp.com (Vendor Advisory)
- https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-se (Vendor Advisory)
FAQ
What is CVE-2022-36130?
CVE-2022-36130 is a vulnerability with a CVSS score of 9.9 (CRITICAL). HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized u...
How severe is CVE-2022-36130?
CVE-2022-36130 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-36130?
Check the references section above for vendor advisories and patch information. Affected products include: HashiCorp Boundary.