4 matches found
CVE-2026-39946
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation...
PT-2026-33884
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.3 Description OpenBao is an open source identity-based secrets management system. In the PostgreSQL database secrets engine, the system fails to use proper database quoting on schema names provided by PostgreSQL...
Role might be granted and revoked at the same block to manipulate the role supply and result in incorrect behavior of relative strategy
Lines of code Vulnerability details Impact There is a potential issue where a role can be granted, votes can be cast, and then the role can be revoked in the same block. This can lead to incorrect behavior of relative strategy in manipulating the vote supply. The problem arises because the role...
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles...