GCVE - cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:boundary_enterprise:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Boundary Enterprise (`6a91c0dd-3d71-53ec-b3cf-851cdc215a03`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-7776`	vulnerable	2026-06-03 15:27:57.272216	Boundary Workers Vulnerable to Denial of Service During TLS Handshake HIGH (7.5) Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate during the TLS handshake, causing worker connection handling to block. This may prevent legitimate worker connections from being accepted or routed. This vulnerability, CVE-2026-7776, is fixed in Boundary 0.21.3, 0.20.3, 0.19.5. Published: 2026-05-04T21:34:10.975Z Updated: 2026-05-05T14:14:05.799Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2026-11-boundary-workers-vulnerable-to-denial-of-service-during-tls-handshake	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1052`	vulnerable	2026-06-03 14:54:26.044935	Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering HIGH (8) Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. Published: 2024-02-05T20:43:53.939Z Updated: 2024-08-01T18:26:30.420Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-12289`	vulnerable	2026-06-03 14:54:16.055756	Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service MEDIUM (5.9) Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. Published: 2024-12-12T22:42:01.595Z Updated: 2024-12-13T19:35:10.676Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.