CVE-2022-36130
First published: Thu Sep 01 2022(Updated: )
HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Boundary | <0.10.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36130?
CVE-2022-36130 is a vulnerability in HashiCorp Boundary up to version 0.10.1 that allowed potential privilege escalation for authorized users of another scope.
What is the severity of CVE-2022-36130?
The severity of CVE-2022-36130 is critical with a severity score of 9.9.
How does CVE-2022-36130 affect HashiCorp Boundary?
CVE-2022-36130 affects HashiCorp Boundary up to version 0.10.1 by allowing potential privilege escalation for authorized users of another scope.
How can I fix CVE-2022-36130?
To fix CVE-2022-36130, users should update to HashiCorp Boundary version 0.10.2 or later.
Where can I find more information about CVE-2022-36130?
More information about CVE-2022-36130 can be found at the HashiCorp Boundary official discussion forum.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hashicorp
- canonical/hashicorp boundary