Security
Headlines

Headlines Latest CVEs

Headline

GHSA-9vrm-v9xv-x3xr: HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.

1 year ago

HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured

High severity GitHub Reviewed Published Jul 6, 2023 to the GitHub Advisory Database • Updated Jul 6, 2023

Related news

CVE-2023-0690: HCSEC-2023-03 - Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.

1 year ago

ghsa: Latest News

GHSA-49cc-xrjf-9qf7: SFTPGo allows administrators to restrict command execution from the EventManager

10 hours ago

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

11 hours ago

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

11 hours ago

GHSA-hj3w-wrh4-44vp: LLama Factory Remote OS Command Injection Vulnerability

11 hours ago

GHSA-jh6x-7xfg-9cq2: Searching Opencast may cause a denial of service

1 day ago