Openbao

Openbao

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-59043

  • EPSS 0.22%
  • Veröffentlicht 17.10.2025 16:15:38
  • Zuletzt bearbeitet 24.10.2025 17:13:10

OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize th...

5.7

CVE-2025-55003

  • EPSS 0.04%
  • Veröffentlicht 09.08.2025 02:01:43
  • Zuletzt bearbeitet 12.08.2025 20:39:40

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao's Login Multi-Factor Authentication (MFA) system allows enforcing MFA using ...

6.5

CVE-2025-55001

  • EPSS 0.06%
  • Veröffentlicht 09.08.2025 02:01:29
  • Zuletzt bearbeitet 12.08.2025 20:44:04

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, OpenBao allowed the assignment of policies and MFA attribution based upon entity ali...

6.5

CVE-2025-55000

  • EPSS 0.06%
  • Veröffentlicht 09.08.2025 02:01:16
  • Zuletzt bearbeitet 13.11.2025 17:55:51

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine could accept valid codes multiple times rather tha...

3.7

CVE-2025-54999

  • EPSS 0.05%
  • Veröffentlicht 09.08.2025 02:00:46
  • Zuletzt bearbeitet 13.11.2025 17:54:56

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to ...

5.3

CVE-2025-54998

  • EPSS 0.05%
  • Veröffentlicht 09.08.2025 02:00:27
  • Zuletzt bearbeitet 13.11.2025 17:51:59

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao User...

9.1

CVE-2025-54997

  • EPSS 0.26%
  • Veröffentlicht 09.08.2025 01:56:45
  • Zuletzt bearbeitet 13.08.2025 18:23:12

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, some OpenBao deployments intentionally limit privileged API operators from executing...

7.2

CVE-2025-54996

  • EPSS 0.07%
  • Veröffentlicht 09.08.2025 01:32:09
  • Zuletzt bearbeitet 12.08.2025 20:51:06

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces...

7.5

CVE-2025-52894

  • EPSS 0.11%
  • Veröffentlicht 25.06.2025 16:59:02
  • Zuletzt bearbeitet 12.08.2025 20:51:16

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and re...

4.5

CVE-2025-52893

  • EPSS 0.07%
  • Veröffentlicht 25.06.2025 16:54:50
  • Zuletzt bearbeitet 12.08.2025 20:53:50

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate fro...