Bug 2405883 (CVE-2025-62513)
| Summary: | CVE-2025-62513 github.com/openbao/openbao/audit: OpenBao leaks HTTPRawBody in Audit Logs | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacted the following subsystems: When using the ACME functionality of PKI, this would result in short-lived ACME verification challenge codes being leaked in the audit logs. When using the OIDC issuer functionality of the identity subsystem, auth and token response codes along with claims could be leaked in the audit logs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2405900, 2405901, 2405902, 2405903, 2405904 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-10-22 20:01:58 UTC
|