
Hashicorp Boundary Clickjacking

Hashicorp Boundary versions prior to 0.9.1 suffer from a clickjacking vulnerability.

Packet Storm
# Exploit Title: Hashicorp Boundary < v0.9.1 - Clickjacking
# Date: 07/08/2022
# Exploit Author: Brandon Roach (V4quero)
# Vendor Homepage: https://releases.hashicorp.com/boundary/
# Software Link: https://github.com/hashicorp/boundary
# Version: < v.0.9.1
# Tested on: Linux
# CVE: CVE-2022-36182

Attackers can exploit this vulnerability to allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.

Attack vector:
To exploit the vulnerability, an attacker would frame the application and overlay hidden UI elements on the site.

Reference:
https://owasp.org/www-community/attacks/Clickjacking

Related news

GHSA-xqv2-3vvq-qg6r: Hashicorp Boundary vulnerable to clickjacking

Hashicorp Boundary is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.

CVE-2022-36182: Clickjacking | OWASP Foundation

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking, which allows for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.
