Severity
5.5 MEDIUM
EPSS
0.0%
top 93.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 24

Description

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Exploitability: 1.8 | Impact: 4.7

Affected Packages (2 packages)

PyPI: barbican 16.0.0
NVD: redhat/openstack_platform 16.1, 16.2, 17.0 +2

🔴 Vulnerability Details

3
OSV
OpenStack Barbican credential leak flaw (2023-09-24)
CVEList
Insecure barbican configuration file leaking credential (2023-09-24)
GHSA
OpenStack Barbican credential leak flaw (2023-09-24)

📋 Vendor Advisories

2
Red Hat
openstack-barbican: Insecure Barbican configuration file leaking credential (2023-04-21)
Debian
CVE-2023-1633: barbican - A credentials leak flaw was found in OpenStack Barbican. This flaw allows a loca... (2023)