Lucene search
+L

34 matches found

susecve
susecve
added 2025/11/26 12:23 a.m.8 views

SUSE CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

6.5CVSS6.8AI score0.00322EPSS
Exploits0References3
snyk
snyk
added 2025/11/25 12:42 a.m.1 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity/groups endpoints. An attacker can gain unauthorized root-level permissions by adding a root policy to a group, thereby escalating their own or another user's privileges. Note: This is only...

7.5CVSS7AI score0.00322EPSS
Exploits0References2
osv
osv
added 2025/11/24 9:51 p.m.3 views

GHSA-7FF4-JW48-3436 OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation

Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...

7.5CVSS6.7AI score0.00322EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2025/11/24 12:0 a.m.15 views

PT-2025-47976

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.4.4 Description OpenBao is an identity-based secrets management system. A privileged operator could leverage the identity group subsystem to add a root policy to a group identity group, potentially escalating their...

10CVSS6.7AI score0.17653EPSS
Exploits8References57
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24038

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00487EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-3134

Malicious code in bioql PyPI...

7.2CVSS7.5AI score0.00528EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-23388

Malicious code in bioql PyPI...

7.2CVSS6.5AI score0.00487EPSS
Exploits0References3
veracode
veracode
added 2025/08/20 9:23 a.m.5 views

Privilege Escalation

github.com/hashicorp/vault is vulnerable to privilege escalation. The vulnerability is due to a privileged operator with write permissions to the root namespace’s identity endpoint being able to escalate their own or another user’s token privileges, which allows an attacker to gain Vault’s root...

7.2CVSS7.5AI score0.00487EPSS
Exploits0References3Affected Software1
susecve
susecve
added 2025/08/12 11:36 p.m.4 views

SUSE CVE-2025-5999

A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...

7.2CVSS7.1AI score0.00487EPSS
Exploits0References3
susecve
susecve
added 2025/08/11 11:22 p.m.3 views

SUSE CVE-2025-54996

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.7AI score0.00308EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/08/11 2:30 a.m.13 views

CVE-2025-54996

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.6AI score0.00308EPSS
Exploits0References1
nvd
nvd
added 2025/08/09 2:15 a.m.5 views

CVE-2025-54996

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS0.00308EPSS
Exploits0References3
cve
cve
added 2025/08/09 1:32 a.m.46 views

CVE-2025-54996

CVE-2025-54996 — OpenBao root namespace privilege escalation. OpenBao versions 2.3.1 and earlier allow accounts with access to highly-privileged identity entity systems in the root namespace to directly elevate scope to the root policy. The identity system can add policies that grant capabilities...

7.2CVSS6.5AI score0.00308EPSS
Exploits0References3Affected Software1
alpinelinux
alpinelinux
added 2025/08/09 1:32 a.m.12 views

CVE-2025-54996

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.7AI score0.00308EPSS
Exploits0
osv
osv
added 2025/08/09 1:32 a.m.11 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.4AI score0.00308EPSS
Exploits0References5
cvelist
cvelist
added 2025/08/09 1:32 a.m.8 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS0.00308EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/08/09 1:32 a.m.2 views

CVE-2025-54996 OpenBao Root Namespace Operator May Elevate Token Privileges

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to...

7.2CVSS6.8AI score0.00308EPSS
Exploits0References3
osv
osv
added 2025/08/08 2:32 p.m.7 views

GHSA-VF84-MXRQ-CRQC OpenBao Root Namespace Operator May Elevate Token Privileges

Impact Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root...

7.2CVSS6.6AI score0.00487EPSS
Exploits0References8
github
github
added 2025/08/08 2:32 p.m.13 views

OpenBao Root Namespace Operator May Elevate Token Privileges

Impact Accounts with access to the highly-privileged identity entity system in the root namespace may increase their scope directly to the root policy. While the identity system always allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root...

7.2CVSS6.3AI score0.00308EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 2025/08/08 12:0 a.m.10 views

PT-2025-32379

Name of the Vulnerable Software and Affected Versions OpenBao versions 2.3.1 and below Description OpenBao is a software solution for managing, storing, and distributing sensitive data. In affected versions, accounts with access to highly-privileged identity entity systems in root namespaces coul...

8.3CVSS5.9AI score0.00308EPSS
Exploits0References57
Rows per page
Query Builder