CVE-2024-1052

CVSS V2 None CVSS V3 None

Description

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Overview

CVE ID
CVE-2024-1052

Assigner
HashiCorp

Vulnerability Status
PUBLISHED

Published Version
2024-02-05T20:43:53.939Z

Last Modified Date
2024-02-05T20:43:53.939Z

Weakness Enumerations

CWE	URL
CWE-295	http://cwe.mitre.org/data/definitions/295.html

References

Reference URL	Reference Tags
https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-1052
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1052

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 05:47:45				Added to TrackCVE