CNNVD-202508-809 Information
CNNVD ID
CNNVD-202508-809
Related CVE
- CNNVD Published: 2025-08-09
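Description (translated from Chinese)
OpenBao is open-source sensitive data management software from OpenBao. OpenBao versions 0.1.0 through 2.3.1 contain a security vulnerability that stems from a user enumeration risk in the userpass authentication method and may lead to information disclosure.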
Description (English)
OpenBao is open-source software for managing sensitive data. OpenBao versions 0.1.0 to 2.3.1 contain a vulnerability that stems from a user enumeration risk in the userpass authentication method, which may lead to information disclosure.
Hazard Level
Critical
Vulnerability Type
Other
Published
2025-08-09
Last Modified
2026-02-24
References
https://github.com/openbao/openbao/security/advisories/GHSA-hh28-h22f-8357
https://discuss.hashicorp.com/t/hcsec-2025-21-vault-user-enumeration-in-userpass-auth-method/76095
https://github.com/openbao/openbao/commit/4d9b5d3d6486ab9fbd5b644173fa0097015d6626
https://discuss.hashicorp.com/t/hcsec-2025-15-timing-side-channel-in-vault-s-userpass-auth-method/76034
https://access.redhat.com/security/cve/cve-2025-54999
Patch
https://github.com/openbao/openbao/releases