CVE-2024-1052
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-1052
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1052.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-1052
- Aliases
- Published
- 2024-02-05T21:15:11Z
- Modified
- 2025-02-19T03:36:24.938877Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.
- References
Affected packages
Git / github.com/hashicorp/boundary
Affected versions
api/v0.*
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.29
api/v0.0.33
api/v0.0.35
api/v0.0.36
api/v0.0.37
api/v0.0.38
api/v0.0.39
api/v0.0.40
api/v0.0.41
api/v0.0.43
api/v0.0.44
sdk/v0.*
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.20
sdk/v0.0.21
sdk/v0.0.22
sdk/v0.0.24
sdk/v0.0.27
sdk/v0.0.28
sdk/v0.0.29
sdk/v0.0.31
sdk/v0.0.32
sdk/v0.0.33
sdk/v0.0.34
sdk/v0.0.35
sdk/v0.0.36
sdk/v0.0.37
sdk/v0.0.39
sdk/v0.0.40
sdk/v0.0.41
v0.*
v0.10.0
v0.13.0
v0.8.0
v0.9.0
v0.9.1