Privilege Escalation in HashiCorp Boundary up to 0.10.1

Privilege Escalation in HashiCorp Boundary up to 0.10.1

CVE-2022-36130 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

Learn more about our User Device Pen Test.