2 matches found
GHSA-8W8F-R2XV-4Q4J OpenBao: Transit secrets engine crashes on key creation with `derived: true` for asymmetric key types
On OpenBao 2.5.4 and 2.5.2, and likely earlier versions also, an authenticated caller with write access to transit/keys/ can crash the OpenBao server by issuing a single key-creation request that combines an asymmetric type (rsa-, ecdsa-, ed25519) with derived: true. The server returns no HTTP respon...
CVE-2025-62705
OpenBao (open-source secret management) before version 2.4.2 could emit unredacted data to audit logs when []byte response parameters were used, including base64-encoded data in sys/raw and public keys during Ed25519 signing in Transit. The CVE IDs CVE-2025-62513 and CVE-2025-62705 have fixes in ...