CNNVD-202506-3191 Information

CNNVD ID

CNNVD-202506-3191

Related CVE

CVE-2025-52893

• CNNVD Published: 2025-06-25

Description (Chinese)

OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.3.0之前版本存在日志信息泄露漏洞，该漏洞源于处理畸形数据时可能泄露敏感信息。

Description (English)

OpenBao is a sensitive data management software for OpenBao open source. Before OpenBao 2.3.0, there was a leak in log information, which stemmed from the possibility of leaking sensitive information when processing abnormal data.

Hazard Level

High

Vulnerability Type

日志信息泄露

Affected Vendor

OpenBao

Published

2025-06-25

Last Modified

2026-02-24

References

https://github.com/openbao/openbao/commit/cf5e920badbf96b41253534a3fd5ff5063bf4b30 https://github.com/openbao/openbao/security/advisories/GHSA-8f5r-8cmq-7fmq https://github.com/go-viper/mapstructure/pull/105 https://github.com/go-viper/mapstructure/commit/ed3f92181528ff776a0324107b8b55026e93766a https://github.com/go-viper/mapstructure/releases/tag/v2.3.0 https://discuss.hashicorp.com/t/hcsec-2025-09-vault-may-expose-sensitive-information-in-error-logs-when-processing-malformed-data-with-the-kv-v2-plugin/74717 https://nvd.nist.gov/vuln/detail/CVE-2025-52893

Patch

https://openbao.org/downloads/