Researchers Uncover RCE Attack Chains in HashiCorp Vault and CyberArk Conjur (opens in new tab)

(csoonline.com)

29 pointsGavCo10mo ago7 comments

7 comments

6 comments · 2 top-level

milliams10mo ago· 4 in thread

Does this affect OpenBao as well?

JanMa10mo ago

Yes this does affect OpenBao as well. We're actively working on getting a fix out as soon as possible

Scandiravian10mo ago

Even more importantly; were these vulnerabilities responsibly disclosed to the OpenBao project before they were published?*

*Assuming OpenBao has a process in place for this

JanMa10mo ago

This does affect OpenBao as well. We do have a process in place for responsible disclosure but unfortunately we were not informed about those issues before they were published.

1 more reply

chucky_z10mo ago

Almost all of these except the enterprise MFA control group stuff will be in OpenBao yeah

yodon10mo ago

Also discussed in https://news.ycombinator.com/item?id=44821434

j / k navigate · click thread line to collapse

7 comments

6 comments · 2 top-level

milliams10mo ago· 4 in thread

Does this affect OpenBao as well?

JanMa10mo ago

Yes this does affect OpenBao as well. We're actively working on getting a fix out as soon as possible

Scandiravian10mo ago

Even more importantly; were these vulnerabilities responsibly disclosed to the OpenBao project before they were published?*

*Assuming OpenBao has a process in place for this

JanMa10mo ago

This does affect OpenBao as well. We do have a process in place for responsible disclosure but unfortunately we were not informed about those issues before they were published.

1 more reply

chucky_z10mo ago

Almost all of these except the enterprise MFA control group stuff will be in OpenBao yeah

yodon10mo ago

Also discussed in https://news.ycombinator.com/item?id=44821434

j / k navigate · click thread line to collapse