3 matches found
CVE-2025-62705
OpenBao (open-source secret management) before version 2.4.2 could emit unredacted data to audit logs when []byte response parameters were used, including base64-encoded data in sys/raw and public keys during Ed25519 signing in Transit. The CVE IDs CVE-2025-62513 and CVE-2025-62705 have fixes in ...
CVE-2025-62513
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...
CVE-2025-62513 OpenBao leaks HTTPRawBody in Audit Logs
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted HMAC'd. This impacts those using the ACME functionality of PKI, resulting in...