5 matches found
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52894
CVE-2025-52894 affects OpenBao prior to v2.3.0, where an unauthenticated, unaudited cancellation of root rekey and recovery rekey operations could cause a denial of service. In OpenBao v2.2.0 and later, operators can disable the unauthed rekey endpoints on global listeners by setting disable_unau...
CVE-2025-52894 OpenBao Vulnerable to Unauthenticated Rekey Operation Cancellation
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...
CVE-2025-52894
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of...