What is CVE-2024-1052?

CVE-2024-1052 is a high-severity vulnerability in Hashicorp Boundary, classified under Improper Certificate Validation. CVSS score: 8.0/10. Published 2024-02-05.

How severe is CVE-2024-1052?

High severity. CVSS v3 base score is 8.0 out of 10.

Vulnerability in Hashicorp Boundary

CVE-2024-1052

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obta…

Vulnerability class: Improper Certificate Validation

EPSS: 0.003 (53.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H.

Affected products

Hashicorp Boundary — versions 0.8.0
Hashicorp Boundary Enterprise — versions 0.8.0

Weakness classification (CWE)

CWE-295 — Improper Certificate Validation

References

discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-…

Frequently asked questions

What is CVE-2024-1052?: CVE-2024-1052 is a high-severity vulnerability in Hashicorp Boundary, classified under Improper Certificate Validation. CVSS score: 8.0/10. Published 2024-02-05.
How severe is CVE-2024-1052?: High severity. CVSS v3 base score is 8.0 out of 10.