Settings

Theme

Researchers Uncover RCE Attack Chains in HashiCorp Vault and CyberArk Conjur

csoonline.com

29 points by GavCo a year ago · 8 comments

Reader

yodon a year ago

Also discussed in https://news.ycombinator.com/item?id=44821434

milliams a year ago

Does this affect OpenBao as well?

  • JanMa a year ago

    Yes this does affect OpenBao as well. We're actively working on getting a fix out as soon as possible

  • Scandiravian a year ago

    Even more importantly; were these vulnerabilities responsibly disclosed to the OpenBao project before they were published?*

    *Assuming OpenBao has a process in place for this

    • JanMa a year ago

      This does affect OpenBao as well. We do have a process in place for responsible disclosure but unfortunately we were not informed about those issues before they were published.

      • Scandiravian a year ago

        Thank you for being communicative about this and for the great work you're doing on OpenBao

        I'm very disappointed to hear that the researchers didn't do their due diligence and informed the OpenBao project about this issue before publishing

        I imagine this is a stressful situation for everyone involved in the project, so I hope the researchers will do some reflections on how they can avoid this situation happening in the future

  • chucky_z a year ago

    Almost all of these except the enterprise MFA control group stuff will be in OpenBao yeah

Keyboard Shortcuts

j
Next item
k
Previous item
o / Enter
Open selected item
?
Show this help
Esc
Close modal / clear selection