CNNVD-202506-3192 Information
CNNVD ID
CNNVD-202506-3192
Related CVE
- CNNVD Published: 2025-06-25
Description (Chinese)
OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.3.0之前版本存在输入验证错误漏洞,该漏洞源于允许未经身份验证取消根密钥重新生成操作,可能导致拒绝服务。
Description (English)
OpenBao is a sensitive data management software for OpenBao open source. Before OpenBao 2.3.0, there was an input authentication error loophole, which resulted from allowing the ungenerated regeneration of the root key without authentication, which could lead to the denial of services.
Hazard Level
High
Vulnerability Type
输入验证错误
Affected Vendor
OpenBao
Published
2025-06-25
Last Modified
2026-02-24
References
https://openbao.org/docs/deprecation https://github.com/openbao/openbao/commit/fe75468822a22a88318c6079425357a02ae5b77b https://github.com/openbao/openbao/security/advisories/GHSA-prpj-rchp-9j5h https://openbao.org/docs/deprecation/unauthed-rekey https://nvd.nist.gov/vuln/detail/CVE-2025-52894
Patch
https://github.com/openbao/openbao/releases
Share on: