OpenBao Information Disclosure Vulnerability in Log Processing
Vulnerability
OpenBao versions prior to 2.3.0 may write sensitive information to their logs when they process malformed data. Because the offending input can carry secrets, certificates, or private keys, those values can end up in server logs that were never meant to hold them. The issue is fixed in OpenBao 2.3.0 and later. There is no workaround in the server itself; the only mitigation short of upgrading is to ensure that clients send well-formed requests.
Impact
Secrets, certificates, or keys contained in malformed input may be recorded in OpenBao's logs. Anyone who can read those logs, including log-forwarding and aggregation systems that receive copies of them, can then read the exposed values.
Remediation
Update to OpenBao version 2.3.0 or later. After updating, review the server logs and audit logs produced by the affected versions for any secrets, certificates, or keys that may have been recorded, and rotate every credential you find. Rotation does not remove the exposed value from the logs themselves, so also check downstream copies (log shippers, SIEM indices, backups) and purge or restrict them as appropriate.
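One way to carry out the log review above is a small scanner that flags lines likely to contain leaked material, then reports where each hit is without echoing the secret itself. The script below is an added example for this advisory, not OpenBao's own code or a complete detector: the log lines are constructed to resemble server log output and every credential in them is a made-up placeholder; the "hvs." token prefix, the AWS access-key shape and the 4.0 bits-per-character entropy threshold are assumptions you should tune to what your own logs contain.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines in the style of an OpenBao server log. These are
# not real OpenBao output; every credential below is a made-up placeholder.
SAMPLE_LOG_LINES = [
    "2025-06-20T10:15:01Z [INFO]  core: successful mount: path=secret/ type=kv",
    "2025-06-20T10:15:07Z [ERROR] core: failed to parse request body: "
    "err=\"unexpected end of JSON input\" body={\"data\":{\"api_key\":\"AKIAIOSFODNN7EXAMPLE\"}",
    "2025-06-20T10:15:09Z [WARN]  auth.token: malformed header: "
    "token=hvs.CAESIJKl3mZ9Q2w7Xn4Tp8Rb1Vf6Hy0Lk5Ng2Ms7Dq9Wa3Ec4Yt (request rejected)",
    "2025-06-20T10:15:12Z [DEBUG] pki: rejected import: -----BEGIN RSA PRIVATE KEY-----",
    "MIIEowIBAAKCAQEAx7yVq2Lz9TfWn3Jk8Dp0Rb5Hs4Mc1Gv6Yu2Xa7Eo",
    "-----END RSA PRIVATE KEY-----",
    "2025-06-20T10:15:15Z [ERROR] core: failed to parse request body: "
    "body={\"password\":\"aB3dE5fG7hI9jK1lM2nO4pQ6rS8tU0vWxYz+/=\"}",
    "2025-06-20T10:15:20Z [INFO]  core: request: path=secret/data/app",
]

# Patterns with a known shape. Assumption: OpenBao service tokens keep the
# Vault-style "hvs." prefix; adjust if your deployment uses other prefixes.
SPECIFIC_PATTERNS = {
    "openbao_token": re.compile(r"\bhvs\.[A-Za-z0-9_-]{24,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
PEM_BEGIN = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
PEM_END = re.compile(r"-----END [A-Z ]*PRIVATE KEY-----")
# Any run of 32+ base64/url-safe characters is a candidate for the entropy check.
CANDIDATE_RUN = re.compile(r"[A-Za-z0-9+/=_-]{32,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; an assumed cut-off, tune per log


@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str  # enough to locate the value, never the value itself


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for a single repeated char)."""
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep a short prefix and the length so the hit can be located and rotated."""
    return f"{value[:4]}...({len(value)} chars)"


def scan_log(lines):
    """Return Findings for lines that look like they carry leaked material.

    PEM private-key blocks are reported once at their BEGIN line and their body
    is skipped; known-shape secrets are masked before the entropy pass so a
    single value is not reported twice.
    """
    findings = []
    in_pem = False
    for line_no, line in enumerate(lines, start=1):
        if in_pem:
            if PEM_END.search(line):
                in_pem = False
            continue
        begin = PEM_BEGIN.search(line)
        if begin:
            findings.append(Finding(line_no, "pem_private_key", begin.group(0)))
            in_pem = PEM_END.search(line) is None
            continue
        remaining = line
        for kind, pattern in SPECIFIC_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(line_no, kind, redact(m.group(0))))
            remaining = pattern.sub("<redacted>", remaining)
        for m in CANDIDATE_RUN.finditer(remaining):
            if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
                findings.append(Finding(line_no, "high_entropy_string", redact(m.group(0))))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG_LINES):
        print(f"line {f.line_no}: {f.kind}: {f.redacted} -> rotate this credential")
```

Run it against the server log files from before the upgrade (and against the audit log, although audit devices hash most field values by default, so the server log is the likelier place for a raw value). Every hit is a credential to rotate; the redacted prefix and length are there so you can match the hit to the right secret without copying the secret into yet another place.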
