MEDIUM

GHSA-q8cj-789h-vg24

OpenBao's Inline Auth Incorrectly Redacted Headers

상세

### Impact

OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being retained in cleartext. This requires an attacker to compromise access to the audit device. Operators should review leaked source authentication material and rotate it as appropriate.

### Patches

This is fixed in OpenBao v2.5.4.

### Resources

https://github.com/openbao/openbao/issues/3074

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

Go / github.com/openbao/openbao

최초 영향 버전: 0 수정 버전: 2.5.4

수정 go get github.com/openbao/openbao@v2.5.4

참고

https://github.com/openbao/openbao/security/advisories/GHSA-q8cj-789h-vg24 [WEB]
https://github.com/openbao/openbao/issues/3074 [WEB]
https://github.com/openbao/openbao/pull/3076 [WEB]
https://github.com/openbao/openbao/commit/131c6966af4dfb4e1906703436eecdb8f2a3e9df [WEB]
https://github.com/openbao/openbao [PACKAGE]
https://github.com/openbao/openbao/releases/tag/v2.5.4 [WEB]