漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Boundary Workers Store Rotated Credentials in Plaintext Even When a Key Management Service Configured
Vulnerability Description
HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Vulnerability Type
敏感数据的明文存储
Vulnerability Title
HashiCorp Boundary 安全漏洞
Vulnerability Description
HashiCorp Boundary是美国HashiCorp公司的一种开源解决方案。可自动实现基于身份的安全用户跨环境访问主机和服务。 HashiCorp Boundary 存在安全漏洞,该漏洞源于在部分情况下自动轮换创建的新密钥可能没有被正确加密。
CVSS Information
N/A
Vulnerability Type
N/A