Published: 06/09/2022 Updated: 12/02/2023

CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8

VMScore: 0

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack barbican
redhat openstack platform 16.1
redhat openstack platform 13.0
redhat openstack platform 16.2

Several security issues were fixed in barbican ...

Synopsis Moderate: Red Hat OpenStack Platform 162 (openstack-barbican) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openstack-barbican is now available for Red Hat OpenStackPlatform 1623 ...

Synopsis Moderate: Red Hat OpenStack Platform 1619 (openstack-barbican) security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for openstack-barbican is now available for Red Hat OpenStackPlatform 161 ...

CWE-863 https://review.opendev.org/c/openstack/barbican/+/811236 https://bugzilla.redhat.com/show_bug.cgi?id=2025089 https://access.redhat.com/security/cve/CVE-2022-23451 https://bugzilla.redhat.com/show_bug.cgi?id=2022878 https://storyboard.openstack.org/#%21/story/2009253 https://ubuntu.com/security/notices/USN-5387-1 https://nvd.nist.gov

CVE-2022-23451

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect