CNNVD-202510-3231 Information
CNNVD ID
CNNVD-202510-3231
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
OpenBao和OpenBao Plugins都是OpenBao开源的产品。OpenBao是一个敏感数据管理软件。OpenBao Plugins是一个插件。 OpenBao Plugin AWS 0.1.1之前版本存在安全漏洞,该漏洞源于AWS身份验证方法中存在跨账户IAM角色模拟问题,可能导致未经授权的访问。
Description (English)
OpenBao and OpenBao Plugins are open-source products of OpenBao. OpenBao is a sensitive data management software. OpenBao Plugins is a plugin. There was a security loophole in the previous version of OpenBao Plugin AWS 0.1.1, which stemmed from the cross-account IAM role simulation in the AWS identification method, which could lead to unauthorized access.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
OpenBao
Published
2025-10-23
Last Modified
2026-02-24
References
https://github.com/openbao/openbao-plugins/commit/2a77af36834746ca6d3ac9bd1049154c84b3efae https://github.com/openbao/openbao-plugins/security/advisories/GHSA-jp7h-4f3c-9rc7
Patch
https://github.com/openbao/openbao-plugins/releases
Share on: