Tag

Acl-Bypass

2 briefs RSS

OpenBao Cross-Namespace Lease Revocation via Legacy sys/revoke Path

OpenBao versions up to 2.5.3 allow cross-namespace lease revocation by exploiting legacy sys/revoke endpoints, potentially leading to unauthorized credential access and denial of service.

openbao/openbao vulnerability acl-bypass secrets-management

2r 1t 3w ago

high advisory

CoreDNS Transfer Plugin ACL Bypass Vulnerability

2 rules 1 TTP

CoreDNS' transfer plugin prior to version 1.14.3 can select the wrong ACL stanza due to lexicographic comparison, leading to unauthorized zone transfers by clients intended to be denied by subzone-specific transfer policies.

CoreDNS cve-2026-33489 acl-bypass dns zone-transfer

2r 1t Jan 3, 2024