CVE-2023-1636 — Improper Isolation or Compartmentalization in Barbican

CWE-653 — Improper Isolation or Compartmentalization6 documents6 sources

Severity

5.0MEDIUMNVD

CNA6.0

EPSS

0.1%

top 77.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Barbican Redhat Openstack Platform

Timeline

PublishedSep 24

Description

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 3.1 | Impact: 1.4

Affected Packages2 packages

▶PyPIopenstack/barbican16.0.0

▶NVDredhat/openstack_platform16.1, 16.2, 17.0+2

🔴Vulnerability Details

OSV

OpenStack Barbican information disclosure vulnerability↗2023-09-24

▶

GHSA

OpenStack Barbican information disclosure vulnerability↗2023-09-24

▶

CVEList

Incomplete container isolation↗2023-09-24

▶

📋Vendor Advisories

Red Hat

openstack-barbican: incomplete container isolation↗2023-04-21

▶

Debian

CVE-2023-1636: barbican - A vulnerability was found in OpenStack Barbican containers. This vulnerability i...↗2023

▶