2 matches found
PT-2026-42809
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.4 Description In the Kerberos authentication method, the GET handler or the use of an Authorization: Negotiate header causes the response to include a logical.Auth object alongside an error message. This leads to...
PT-2026-42808
Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.4 Description The inline auth functionality incorrectly redacts audit log entries. This causes non-auth headers to be removed while auth-related headers are retained in cleartext. Exploitation requires an attacker...