CVE-2022-3100

CWE-305 | CWE-501 | 9 documents | 9 sources
Severity
5.9 MEDIUM
EPSS
0.2%
top 57.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 18

Description

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Exploitability: 1.6 | Impact: 4.2

Affected Packages (4 packages)

Debian | barbican | < 1:11.0.0-3+deb11u1 (+3)
NVD | redhat/openstack | 4 versions (+3)
CVEListV5 | red_hat_openstack_platform | 13.0-17.0

🔴 Vulnerability Details (3)

CVEList
CVE-2022-3100: A flaw was found in the openstack-barbican component (2023-01-18)
OSV
CVE-2022-3100: A flaw was found in the openstack-barbican component (2023-01-18)
GHSA
GHSA-5hg3-ffv7-g5ff: A flaw was found in the openstack-barbican component (2023-01-18)

📋 Vendor Advisories (4)

Cisco
Cisco Secure Firewall 3100 Series Secure Boot Bypass Vulnerability (2022-11-09)
Ubuntu
Barbican vulnerability (2022-10-25)
Red Hat
openstack-barbican: access policy bypass via query string injection (2022-09-28)
Debian
CVE-2022-3100: barbican - A flaw was found in the openstack-barbican component. This issue allows an acces... (2022)