CVE-2025-59048
OpenBao's AWS Plugin (auth-aws) is affected by CVE-2025-59048: prior to v0.1.1, cross-account IAM role impersonation is possible when an untrusted account has a role with the same name as a trusted account, enabling unauthorized access in multi-account AWS setups. The issue has a patch in v0.1.1;...