Openstack Barbican

CPE Details

Openstack Barbican
openstack
barbican
-
2022-09-07
13h16 +00:00
2022-09-07
14h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

barbican

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-1633 2023-09-24 00h09 +00:00 A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
6.6
Medium
CVE-2023-1636 2023-09-24 00h09 +00:00 A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
6
Medium
CVE-2022-3100 2023-01-18 00h00 +00:00 A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
5.9
Medium
CVE-2022-23451 2022-09-06 15h18 +00:00 An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
8.1
High
CVE-2022-23452 2022-09-01 18h57 +00:00 An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
4.9
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.