It's a good writeup, and I understand that it's Black Hat week and so the intensity meter is dialed up to 11 on these things. Some of these vulnerabilities are pretty clever. But these are mostly situational, things that would typically get sev:med or lower on an assessment.

The RCE reported here is the product of an admin->root (Vault root, not Unix root) privilege escalation that already required a privileged account. It's a good bug! They got audit logs to get parsed as an executable plugin. The privilege escalation bug they used to allow admin accounts to set up plugins is also clever (they noticed that the sanity check for assuming the "root" token hardcoded "root", but the code that actually selected the token sanitized the token name, so you could use " ROOT").
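Added example, not part of the comment above and not Vault's code: a minimal Go sketch of the check/use mismatch the comment describes, where a reserved-name check compares the raw string while the lookup sanitizes it, next to a version that normalizes once. The policy table, function names and the exact sanitization (trim plus lowercase) are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed policy table; names and contents are illustrative only.
var policies = map[string]string{"root": "full-access", "default": "limited"}
var errReserved = errors.New("reserved policy name refused")

// canonical is the sanitization the lookup path applies (assumed: trim + lowercase).
func canonical(name string) string {
	return strings.ToLower(strings.TrimSpace(name))
}

func lookup(name string) (string, error) {
	if p, ok := policies[name]; ok {
		return p, nil
	}
	return "", fmt.Errorf("unknown policy %q", name)
}

// selectMismatched checks the raw string but looks up the sanitized one,
// so the check and the lookup disagree about what the name is.
func selectMismatched(requested string) (string, error) {
	if requested == "root" { // check sees raw input
		return "", errReserved
	}
	return lookup(canonical(requested)) // use sees sanitized input
}

// selectCanonical normalizes once and feeds the same value to check and lookup.
func selectCanonical(requested string) (string, error) {
	name := canonical(requested)
	if name == "root" {
		return "", errReserved
	}
	return lookup(name)
}

func main() {
	for _, in := range []string{"root", " ROOT", "default"} {
		_, e1 := selectMismatched(in)
		_, e2 := selectCanonical(in)
		fmt.Printf("%-9q mismatched refused=%v canonical refused=%v\n", in, e1 != nil, e2 != nil)
	}
}
```

A regression test for this class of bug should feed case and whitespace variants of every reserved name through the same entry point that real requests use.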