GHSA-Q8CJ-789H-VG24 OpenBao's Inline Auth Incorrectly Redacted Headers

Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source...

PT-2019-12524 · Go · Go Cryptography Libraries

Name of the Vulnerable Software and Affected Versions: supplementary Go cryptography libraries affected versions not specified Description: A message-forgery issue was discovered in the supplementary Go cryptography libraries. According to the OpenPGP Message Format specification in RFC 4880...