GO-2025-4067 OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method in github.com/openbao/openbao-plugins

OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method in github.com/openbao/openbao-plugins. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

CVE-2025-59048

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role Impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a...

OpenBao Plugin AWS 安全漏洞

OpenBao and OpenBao Plugins are both OpenBao open source products.OpenBao is a sensitive data management software.OpenBao Plugins is a plugin. A security vulnerability exists in OpenBao Plugin AWS versions prior to 0.1.1 that stems from a cross-account IAM role emulation issue in the AWS...

PT-2025-43523

Name of the Vulnerable Software and Affected Versions OpenBao AWS Plugin versions prior to 0.1.1 Description The OpenBao AWS Plugin generates AWS access credentials based on IAM policies. Versions of the plugin prior to 0.1.1 are susceptible to cross-account IAM role Impersonation within the AWS...