8 matches found
SUSE CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...
CVE-2025-64761
OpenBao Open Source Secrets Management (OpenBao) is affected by CVE-2025-64761 prior to version 2.4.4. A privileged operator in the root namespace could abuse the identity group subsystem to add a root policy to a group, escalating permissions. Alternatively, an operator with policy access could ...
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...
GHSA-7FF4-JW48-3436 OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation
Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...
PT-2025-47976
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.4.4 Description OpenBao is an identity-based secrets management system. A privileged operator could leverage the identity group subsystem to add a root policy to a group identity group, potentially escalating their...