CVE-2024-12289

Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service

Description

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

INFO

Published Date :

2024-12-12T22:42:01.595Z

Last Modified :

2024-12-13T19:35:10.676Z

Source :

HashiCorp

AFFECTED PRODUCTS

The following products are affected by CVE-2024-12289 vulnerability.

Vendors	Products
Hashicorp	Boundary

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12289.

URL	Resource
https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact