step-ca Has Improper Authorization Check for SSH Certificate Revocation
An authorized attacker can bypass authorization checks and revoke any SSH certificate issued by Step CA by using a valid revocation token.
A security fix is now available for Step CA that resolves a vulnerability affecting deployments configured with ACME and/or SCEP provisioners. All operators running these provisioners should upgrade to the latest release (v0.29.0) immediately. The issue was discovered and disclosed by a research team during a security review. There is no evidence of active exploitation. To limit exploitation risk during a coordinated disclosure window, we are withholding detailed technical information …