CVE-2022-36130

CRITICAL

HashiCorp Boundary <0.10.1 - Privilege Escalation

Title source: llm

Description

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://discuss.hashicorp.com

Vendor Advisory x_refsource_misc

https://discuss.hashicorp.com/t/hcsec-2022017-boundary-allowed-access-to-host-sets-and-credential-sources-for-authorized-users-of-another-scope/43493

Scores

CVSS v3 9.9

EPSS 0.0017

EPSS Percentile 37.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-345

Status published

Products (1)

hashicorp/boundary < 0.10.2

Published Sep 01, 2022

Tracked Since Feb 18, 2026