CVE-2022-36130

Source
https://cve.org/CVERecord?id=CVE-2022-36130
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36130.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36130
Published
2022-09-01T01:45:00Z
Modified
2026-07-15T01:49:16.130499155Z
Summary
[none]
Details

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

Database specific
{
    "cna_assigner": "mitre",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/36xxx/CVE-2022-36130.json"
}
References

Affected packages

Git / github.com/hashicorp/boundary

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/boundary
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.10.2"
        }
    ]
}

Affected versions

api/v0.*
api/v0.0.1
api/v0.0.10
api/v0.0.11
api/v0.0.12
api/v0.0.13
api/v0.0.14
api/v0.0.15
api/v0.0.16
api/v0.0.17
api/v0.0.18
api/v0.0.19
api/v0.0.2
api/v0.0.20
api/v0.0.21
api/v0.0.22
api/v0.0.23
api/v0.0.24
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.3
api/v0.0.4
api/v0.0.5
api/v0.0.6
api/v0.0.7
api/v0.0.8
api/v0.0.9
sdk/v0.*
sdk/v0.0.1
sdk/v0.0.10
sdk/v0.0.11
sdk/v0.0.12
sdk/v0.0.13
sdk/v0.0.14
sdk/v0.0.15
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.2
sdk/v0.0.3
sdk/v0.0.4
sdk/v0.0.5
sdk/v0.0.6
sdk/v0.0.7
sdk/v0.0.8
sdk/v0.0.9
v0.*
v0.1.0
v0.1.0-beta.1
v0.1.0-beta.3
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.10.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.7.1
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.9.0
v0.9.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36130.json"