step-ca Has Improper Authorization Check for SSH Certificate Revocation
A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with the SSHPOP provisioner. All operators running these provisioners should upgrade to the latest release (v0.29.0) immediately. The issue was discovered and responsibly disclosed by a research team during a security review. There is no evidence of active exploitation. To limit exploitation risk during a coordinated disclosure window, we are withholding detailed technical information …