CVE-2022-23452

Severity: 4.9 MEDIUM
EPSS: 0.4% (top 39.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 1
Latest update: Sep 2

Description

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 | Impact: 3.6

Affected Packages (6 packages)

NVD: openstack/barbican < 14.0.0
CVEListV5: openstack/barbican, fixed in v14.0.0
PyPI: barbican < 14.0.0
Debian: barbican < 1:14.0.0~rc1-2+2
Ubuntu: barbican < 1:6.0.1-0ubuntu1.1+1

Patches

Vulnerability Details (5)

GHSA: openstack-barbican Denial of Service vulnerability (2022-09-02)
OSV: openstack-barbican Denial of Service vulnerability (2022-09-02)
CVEList: CVE-2022-23452: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container (2022-09-01)
OSV: CVE-2022-23452: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container (2022-09-01)
OSV: barbican vulnerabilities (2022-04-25)

Vendor Advisories (3)

Ubuntu: Barbican vulnerabilities (2022-04-25)
Debian: CVE-2022-23452: barbican - An authorization flaw was found in openstack-barbican, where anyone with an admi... (2022)
Red Hat: openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers (2021-12-13)
CVE-2022-23452 (MEDIUM CVSS 4.9) | An authorization flaw was found in | cvebase.io