GHSA-HVC7-763R-4F3H openssl-encrypt has no owner verification on key revocation — any client can revoke any key
Summary The revokekey method in opensslencryptserver/modules/keyserver/service.py at lines 195-270 accepts a clientid parameter but never verifies that the requesting client is the same as key.ownerclientid. Impact Any authenticated client can revoke any other client's key, as long as they provid...