CVE-2022-36182: Hashicorp Boundary vulnerable to clickjacking

October 27, 2022 (updated October 28, 2022)

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site.

References

github.com/advisories/GHSA-xqv2-3vvq-qg6r
nvd.nist.gov/vuln/detail/CVE-2022-36182
owasp.org/www-community/attacks/Clickjacking
packetstormsecurity.com/files/168654/Hashicorp-Boundary-Clickjacking.html

Detect and mitigate CVE-2022-36182 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →