8.1

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackBarbican Version < 14.0.0
RedhatOpenstack Platform Version13.0
RedhatOpenstack Platform Version16.1
RedhatOpenstack Platform Version16.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.01% 0.588
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://access.redhat.com/security/cve/CVE-2022-23451
Third Party Advisory
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2022878
Issue Tracking
Permissions Required
https://bugzilla.redhat.com/show_bug.cgi?id=2025089
Third Party Advisory
Issue Tracking
https://review.opendev.org/c/openstack/barbican/+/811236
Patch
Third Party Advisory
https://storyboard.openstack.org/#%21/story/2009253