OpenBao and Vault Leak []byte Fields in Audit Logs

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.

N/A

通过日志文件的信息暴露

OpenBao 日志信息泄露漏洞

OpenBao是OpenBao开源的一个敏感数据管理软件。 OpenBao 2.4.2之前版本存在日志信息泄露漏洞，该漏洞源于审计日志未正确编辑字节数组响应参数，可能导致敏感数据泄露。

N/A

N/A