cvedb.io
CVE-2022-36130
CRITICAL · CVSS 9.9
EPSS exploitation probability: 0%
Published 2022-09-01T02:15:07.980 · Last modified 2026-06-17T04:52:58.777

Summary

HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2.

Affected products

hashicorp — boundary

Does this affect you?

Add your gear to cvedb and we'll alert you only when hashicorp ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.