Lucene search
+L

427 matches found

RedhatCVE
RedhatCVE
added 2026/04/21 12:47 p.m.8 views

CVE-2026-39388

A flaw was found in OpenBao, an open source identity-based secrets management system. When renewing tokens using the Certificate authentication method with disablebinding=true, the system incorrectly verifies the presented mTLS mutual Transport Layer Security certificate. This vulnerability allow...

3.1CVSS5.7AI score0.00101EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/21 12:16 p.m.6 views

SUSE CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

3.1CVSS5.7AI score0.00101EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/21 12:16 p.m.7 views

SUSE CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

6.5CVSS5.8AI score0.00218EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/04/21 12:16 p.m.6 views

SUSE CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

4.9CVSS5.8AI score0.00235EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/21 12:16 p.m.7 views

SUSE CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2.7CVSS5.8AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/21 11:46 a.m.6 views

CVE-2026-39946

A flaw was found in OpenBao. When OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, it failed to use proper database quoting on schema names. This oversight could lead to role revocation failures or, in rarer instances, allow a management user to perform SQL injectio...

4.9CVSS5.8AI score0.00235EPSS
Exploits0References4
NVD
NVD
added 2026/04/21 1:16 a.m.4 views

CVE-2026-39388

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and disablebinding=true is set, attempts to verify the current request's presented mTLS certificate matches the original. Toke...

3.1CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 1:16 a.m.8 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

6.5CVSS0.00218EPSS
Exploits1References1
NVD
NVD
added 2026/04/21 1:16 a.m.7 views

CVE-2026-39946

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...

4.9CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 1:16 a.m.6 views

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2.7CVSS0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 12:47 a.m.20 views

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, a tenant that leaks token accessors could have their token revoked or renewed by a privileged administrator in another tenant. This cross-namespace exposure is mitigated in version 2.5.3. The CVE entry not...

2.7CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/21 12:47 a.m.24 views

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2.7CVSS5.4AI score0.00301EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/21 12:47 a.m.31 views

CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:47 a.m.3 views

CVE-2026-40264

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/21 12:47 a.m.2 views

CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2CVSS6AI score0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 12:47 a.m.11 views

CVE-2026-40264 OpenBao's Token Store Allows Cross-Namespace Renewal, Revocation

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their token revoked or renewed by a privileged administrator in another tenant. This is addressed in v2.5.3...

2CVSS5.8AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:44 a.m.3 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

3.1CVSS5.8AI score0.00218EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/21 12:44 a.m.30 views

CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

3.1CVSS0.00218EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 12:44 a.m.5 views

CVE-2026-39396 OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

3.1CVSS5.8AI score0.00218EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/04/21 12:44 a.m.5 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

6.5CVSS5.8AI score0.00218EPSS
Exploits1
Rows per page
Query Builder