An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En

Boundary vulnerable to session hijacking through TLS certificate tampering

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 20 days ago
Updated: 20 days ago

CVSS Score: 8.0
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Identifiers: GHSA-vh73-q3rw-qx7w, CVE-2024-1052

Affected Packages
Versions: >= 0.8.0, < 0.15.0
Fixed in: 0.15.0