4 matches found
Fedora: Security Advisory (FEDORA-2025-4bf7795b4e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openbao-2.4.3-1.1 on GA media (moderate)
openbao-2.4.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15663-1 Rating: moderate Cross-References: CVE-2025-62513 CVE-2025-62705 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues fixed in the...
CVE-2025-62513
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...
CVE-2025-62513
CVE-2025-62513 concerns OpenBao versions 2.2.0–2.4.1 where raw HTTP bodies were not redacted in the audit log, exposing ACME verification codes and OIDC/auth-related response data. The root cause is a logging regression affecting audit logs rather than a codepath in normal operation. The issue is...