github.com/hashicorp/boundary

Go5 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/hashicorp/boundarypage 1 of 1

CVE-2022-36182MEDIUMCVSS 6.1EG 6.1
2022-10-27
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2023-0690MEDIUMCVSS 5.0EG 5.0✓ Fixed in 0.12.0
2023-02-08
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have bee…
CVE-2024-1052HIGHCVSS 8.0EG 8.0✓ Fixed in 0.15.0
2024-02-05
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and …
CVE-2024-12289MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.18.2
2024-12-12
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulne…
CVE-2026-7776HIGHCVSS 7.5EG 7.5✓ Fixed in 0.21.3
2026-05-04
Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may op…

Check whether github.com/hashicorp/boundary is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/hashicorp/boundary CVEs against the assets you own.

Start Free Scan →