2 matches found
Information Disclosure
OpenBao is vulnerable to an Information Disclosure Vulnerability. The vulnerability is due to a regression in audit log redaction, where raw HTTP request bodies for ACME and OIDC issuer endpoints are not properly HMAC-redacted, allowing short-lived ACME verification codes, authentication response...
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Impact What kind of vulnerability is it? Who is impacted? If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. Patches Has the problem been patched? What versions should use...