# Exploit Title: Hashicorp Boundary < v0.11.0 - Clickjacking
# Date: 07/08/2022
# Exploit Author: Brandon Roach (V4quero)
# Vendor Homepage: https://releases.hashicorp.com/boundary/
# Software Link: https://github.com/hashicorp/boundary
# Version: < v.0.11.0
# Patch Status: Unpatched
# Tested on: Linux
# CVE: CVE-2022-36182

Attackers can exploit this vulnerability to intercept login credentials, redirect users to malicious sites, or cause users to perform malicious actions on the site.

Attack vector: to exploit the vulnerability, an attacker would frame the application and overlay hidden UI elements on the site.

Reference: https://owasp.org/www-community/attacks/Clickjacking
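
Added example (not part of the original advisory and not HashiCorp code): a conservative Python audit of a response's anti-framing headers, the control whose absence allows the framing described above. The function names and the sample header values are constructed for illustration; the advisory does not state which headers Boundary sends.

```python
# Added example: conservative audit of anti-framing headers (not browser-exact).
RANK = ["deny", "same-origin", "allowlist", "frameable"]  # strictest first


def _frame_ancestors(csp_values):
    """Collect the frame-ancestors source list of every enforced CSP policy."""
    found = []
    for header in csp_values:
        for policy in header.split(","):        # one header may hold several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append([p.lower() for p in parts[1:]])
                    break                       # later duplicates in a policy are ignored
    return found


def _classify(sources):
    # 'none' only has meaning when it is the sole source expression.
    sources = [s for s in sources if s != "'none'"] if len(sources) > 1 else sources
    if not sources or sources == ["'none'"]:
        return "deny"                           # an empty list matches no ancestor
    if any(s == "*" or s.endswith(":") for s in sources):
        return "frameable"                      # wildcard or scheme-only source
    if set(sources) == {"'self'"}:
        return "same-origin"
    return "allowlist"


def framing_policy(headers):
    """headers: (name, value) pairs of one HTTP response -> one entry of RANK."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = {t.strip().lower() for n, v in headers
           if n.lower() == "x-frame-options" for t in v.split(",") if t.strip()}
    lists = _frame_ancestors(csp)
    if lists:
        # frame-ancestors makes browsers ignore X-Frame-Options; all policies
        # apply together, so report the strictest one (an approximation).
        return min((_classify(s) for s in lists), key=RANK.index)
    if xfo == {"deny"}:
        return "deny"
    if xfo == {"sameorigin"}:
        return "same-origin"
    return "frameable"  # absent, conflicting, or obsolete ALLOW-FROM


# Constructed sample response, not captured from any Boundary deployment.
SAMPLE = [("Content-Security-Policy", "default-src 'self'"),
          ("X-Frame-Options", "ALLOW-FROM https://portal.example")]
if __name__ == "__main__":
    print(framing_policy(SAMPLE))
```

A result of `frameable` means a third-party page can embed the response; `Content-Security-Policy-Report-Only` headers are deliberately not counted because they do not block framing.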