OpenBao allows cancellation of root rekey and recovery rekey operations without authentication
OpenBao and HashiCorp Vault allowed an attacker to perform unauthenticated, unaudited cancellation of root rekey and recovery rekey operations, effecting a denial of service.