QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-12289

Back to search

CVE-2024-12289

Published: Dec 12, 2024

Modified: Dec 13, 2024

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

VendorProductVersions

HashiCorp

Boundary

affected
0.8.0 - < 0.18.2

HashiCorp

Boundary Enterprise

affected
0.8.0 - < 0.18.2

Weaknesses (CWE)

CWE-460

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now