CVE-2022-3100

Published: 18/01/2023 Updated: 26/01/2023
CVSS v3 Base Score: 5.9 | Impact Score: 4.2 | Exploitability Score: 1.6
VMScore: 0

Vulnerability Summary

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Vulnerable Product

openstack barbican -

redhat openstack 16.1

redhat openstack 16.2

redhat openstack for ibm power 16.1

redhat openstack 13

redhat openstack for ibm power 13

redhat openstack for ibm power 16.2

redhat openstack 17

redhat openstack_platform 13.0

Vendor Advisories

Synopsis: Important: Red Hat OpenStack Platform (openstack-barbican) security update. Type/Severity: Security Advisory: Important. Topic: An update for openstack-barbican is now available for Red Hat OpenStack Platform Red Hat P ...
Debian Bug report logs - #1021139 barbican: CVE-2022-3100. Package: src:barbican; Maintainer for src:barbican is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Sun, 2 Oct 2022 18:15:07 UTC; Severity: grave; Tags: security, upstream ...
Douglas Mendizabal discovered that Barbican, the OpenStack Key Management Service, incorrectly parsed requests which could allow an authenticated user to bypass Barbican access policies. For the stable distribution (bullseye), this problem has been fixed in version 1:11.0.0-3+deb11u1. We recommend that you upgrade your barbican packages. For the de ...
Description: A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. ...