CVE-2022-23452
published 2022-09-01CVE-2022-23452: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an…
medium4.9CVSS 3.1
AVNACLPRHUINSUCNINAH
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | barbican | < barbican 1:14.0.0~rc1-2 (bookworm) | barbican 1:14.0.0~rc1-2 (bookworm) |
| openstack | barbican | < 14.0.0 | 14.0.0 |
| openstack | barbican | — | — |
| openstack | barbican | >= 0 < 1:14.0.0~rc1-2 | 1:14.0.0~rc1-2 |
| openstack | barbican | >= 0 < 1:14.0.0~rc1-2 | 1:14.0.0~rc1-2 |
| openstack | barbican | >= 0 < 1:14.0.0~rc1-2 | 1:14.0.0~rc1-2 |
| openstack | barbican | >= 0 < 14.0.0 | 14.0.0 |
| openstack | barbican | >= 0 < 1:6.0.1-0ubuntu1.1 | 1:6.0.1-0ubuntu1.1 |
| openstack | barbican | >= 0 < 1:10.1.0-0ubuntu2.1 | 1:10.1.0-0ubuntu2.1 |
| redhat | openstack_platform | — | — |
CVSS provenance
nvdv3.14.9MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
osv8.1HIGH