CVE-2022-36130

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-36130
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36130.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36130
Published
2022-09-01T02:15:07.980Z
Modified
2026-03-14T11:49:00.300793Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

References

Affected packages

Git / github.com/hashicorp/boundary

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/boundary
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
69e347e6a74526ef93465489d4748785c41894a5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.10.2"
        }
    ]
}

Affected versions

api/v0.*
api/v0.0.1
api/v0.0.10
api/v0.0.11
api/v0.0.12
api/v0.0.13
api/v0.0.14
api/v0.0.15
api/v0.0.16
api/v0.0.17
api/v0.0.18
api/v0.0.19
api/v0.0.2
api/v0.0.20
api/v0.0.21
api/v0.0.22
api/v0.0.23
api/v0.0.24
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.3
api/v0.0.4
api/v0.0.5
api/v0.0.6
api/v0.0.7
api/v0.0.8
api/v0.0.9
sdk/v0.*
sdk/v0.0.1
sdk/v0.0.10
sdk/v0.0.11
sdk/v0.0.12
sdk/v0.0.13
sdk/v0.0.14
sdk/v0.0.15
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.2
sdk/v0.0.3
sdk/v0.0.4
sdk/v0.0.5
sdk/v0.0.6
sdk/v0.0.7
sdk/v0.0.8
sdk/v0.0.9
v0.*
v0.1.0
v0.1.0-beta.1
v0.1.0-beta.3
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.10.1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.3.0
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.6.1
v0.6.2
v0.7.0
v0.7.1
v0.7.4
v0.7.5
v0.7.6
v0.8.0
v0.9.0
v0.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36130.json"