CVE-2024-1052

Source
https://cve.org/CVERecord?id=CVE-2024-1052
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1052.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-1052
Aliases
Published
2024-02-05T20:43:53.939Z
Modified
2026-05-28T03:55:35.297667795Z
Severity
  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
Boundary Vulnerable to Session Hijacking Through TLS Certificate Tampering
Details

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/1xxx/CVE-2024-1052.json",
    "cwe_ids": [
        "CWE-295"
    ],
    "cna_assigner": "HashiCorp"
}
References

Affected packages

Git / github.com/hashicorp/boundary

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/boundary
Events

Affected versions

api/v0.*
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.29
api/v0.0.33
api/v0.0.35
api/v0.0.36
api/v0.0.37
api/v0.0.38
api/v0.0.39
api/v0.0.40
api/v0.0.41
api/v0.0.43
api/v0.0.44
sdk/v0.*
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.20
sdk/v0.0.21
sdk/v0.0.22
sdk/v0.0.24
sdk/v0.0.27
sdk/v0.0.28
sdk/v0.0.29
sdk/v0.0.31
sdk/v0.0.32
sdk/v0.0.33
sdk/v0.0.34
sdk/v0.0.35
sdk/v0.0.36
sdk/v0.0.37
sdk/v0.0.39
sdk/v0.0.40
sdk/v0.0.41
v0.*
v0.10.0
v0.13.0
v0.8.0
v0.9.0
v0.9.1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1052.json"