CVE-2025-54996
- EPSS 0.05%
- Published 09.08.2025 01:32:09
- Last modified 12.08.2025 20:51:06
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces...
CVE-2025-52894
- EPSS 0.04%
- Published 25.06.2025 16:59:02
- Last modified 12.08.2025 20:51:16
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and re...
CVE-2025-52893
- EPSS 0.01%
- Published 25.06.2025 16:54:50
- Last modified 12.08.2025 20:53:50
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs when processing malformed data. This is separate fro...
CVE-2025-4166
- EPSS 0.04%
- Published 02.05.2025 14:57:58
- Last modified 31.12.2025 00:49:39
Vault Community and Vault Enterprise Key/Value (kv) Version 2 plugin may unintentionally expose sensitive information in server and audit logs when users submit malformed payloads during secret creation or update operations via the Vault REST API. Th...
CVE-2024-8185
- EPSS 0.59%
- Published 31.10.2024 16:15:06
- Last modified 13.11.2025 17:40:36
Vault Community and Vault Enterprise (“Vault”) clusters using Vault’s Integrated Storage backend are vulnerable to a denial-of-service (DoS) attack through memory exhaustion through a Raft cluster join API endpoint. An attacker may send a large volu...
CVE-2024-9180
- EPSS 0.29%
- Published 10.10.2024 21:15:05
- Last modified 31.12.2025 00:49:50
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s privileges to Vault’s root policy. Fixed in Vault Community Edition 1.18.0 and Vault Enterprise 1.18.0, 1.17.7, 1....
CVE-2024-7594
- EPSS 0.54%
- Published 26.09.2024 20:15:07
- Last modified 13.11.2025 17:51:32
Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized use...
CVE-2024-2048
- EPSS 0.19%
- Published 04.03.2024 20:15:50
- Last modified 13.11.2025 17:51:43
Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious cert...