Headline
Hashicorp Boundary Clickjacking
Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.
# Exploit Title: Hashicorp Boundary < v0.9.1 - Clickjacking# Date: 07/08/2022# Exploit Author: Brandon Roach (V4quero)# Vendor Homepage: https://releases.hashicorp.com/boundary/# Software Link: https://github.com/hashicorp/boundary# Version: < v.0.9.1# Tested on: Linux# CVE: CVE-2022-36182Attackers can exploit this vulnerability to allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.Attack vector:to exploit the vulnerability, an attacker would frame the application and overlay hidden ui elements on the siteReferencehttps://owasp.org/www-community/attacks/ClickjackingRelated news
GHSA-xqv2-3vvq-qg6r: Hashicorp Boundary vulnerable to clickjacking
Hashicorp Boundary is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
CVE-2022-36182: Clickjacking | OWASP Foundation
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.