Home > Vulnerability Database > CVE-2024-12289

Mend.io Vulnerability Database

CVE-2024-12289

Good to know:

Date: December 12, 2024

Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.

Language: Go

Severity Score

5.9

Related Resources (5)

Url: https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-handles-http-requests-on-initialization-which-may-lead-to-a-denial-of-service

Url: https://github.com/hashicorp/boundary

Url: https://github.com/advisories/GHSA-xx83-cxmq-x89m

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12289

Url: https://www.mend.io/vulnerability-database/CVE-2024-12289

Severity Score

5.9

Weakness Type (CWE)

Improper Cleanup on Thrown Exception

CWE-460

Top Fix

Upgrade Version

Upgrade to version github.com/hashicorp/boundary - v0.18.2

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12289

Good to know:

Date: December 12, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?