CNNVD-202510-2805 Information

CNNVD ID

CNNVD-202510-2805

CVE-2025-62513

  • CNNVD Published: 2025-10-22

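Description (translated from Chinese)

OpenBao is open-source sensitive data management software from OpenBao. OpenBao versions 2.2.0 through 2.4.1 contain a log information disclosure vulnerability. The vulnerability stems from the audit log not properly redacting raw HTTP bodies, which may lead to the disclosure of ACME verification codes and OIDC response codes.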

Description (English)

OpenBao is open-source software for managing sensitive data. OpenBao versions 2.2.0 to 2.4.1 contain a log information disclosure vulnerability that stems from the audit log not properly redacting raw HTTP bodies, which may result in the disclosure of ACME authentication codes and OIDC response codes.

Hazard Level

High

Vulnerability Type

Log information disclosure

Affected Vendor

OpenBao

Published

2025-10-22

Last Modified

2026-02-24

References

  • https://github.com/openbao/openbao/commit/cc2c476bac66e1d94776c2629793daec3af625f8
  • https://github.com/openbao/openbao/security/advisories/GHSA-ghfh-fmx4-26h8
  • https://access.redhat.com/security/cve/cve-2025-62513

Patch

https://github.com/openbao/openbao/releases
