Researchers Uncover RCE Attack Chains in HashiCorp Vault and CyberArk Conjur (opens in new tab)

(csoonline.com)

29 pointsGavCo7mo ago7 comments

7 comments

yodon7mo ago

Also discussed in https://news.ycombinator.com/item?id=44821434

milliams7mo ago

Does this affect OpenBao as well?

JanMa7mo ago

Yes this does affect OpenBao as well. We're actively working on getting a fix out as soon as possible

Scandiravian7mo ago

Even more importantly; were these vulnerabilities responsibly disclosed to the OpenBao project before they were published?*

*Assuming OpenBao has a process in place for this

JanMa7mo ago

This does affect OpenBao as well. We do have a process in place for responsible disclosure but unfortunately we were not informed about those issues before they were published.

1 more reply

chucky_z7mo ago

Almost all of these except the enterprise MFA control group stuff will be in OpenBao yeah

j / k navigate · click thread line to collapse

7 comments

yodon7mo ago

Also discussed in https://news.ycombinator.com/item?id=44821434

milliams7mo ago

Does this affect OpenBao as well?

JanMa7mo ago

Yes this does affect OpenBao as well. We're actively working on getting a fix out as soon as possible

Scandiravian7mo ago

Even more importantly; were these vulnerabilities responsibly disclosed to the OpenBao project before they were published?*

*Assuming OpenBao has a process in place for this

JanMa7mo ago

This does affect OpenBao as well. We do have a process in place for responsible disclosure but unfortunately we were not informed about those issues before they were published.

1 more reply

chucky_z7mo ago

Almost all of these except the enterprise MFA control group stuff will be in OpenBao yeah

j / k navigate · click thread line to collapse