Openstack

Barbican

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2023-1633

  • EPSS 0.02%
  • Veröffentlicht 24.09.2023 01:15:43
  • Zuletzt bearbeitet 21.11.2024 07:39:35

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

5

CVE-2023-1636

  • EPSS 0.07%
  • Veröffentlicht 24.09.2023 01:15:43
  • Zuletzt bearbeitet 21.11.2024 07:39:35

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and oth...

5.9

CVE-2022-3100

  • EPSS 0.03%
  • Veröffentlicht 18.01.2023 17:15:10
  • Zuletzt bearbeitet 03.04.2025 20:15:17

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

8.1

CVE-2022-23451

  • EPSS 0.12%
  • Veröffentlicht 06.09.2022 18:15:10
  • Zuletzt bearbeitet 21.11.2024 06:48:34

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the...

4.9

CVE-2022-23452

  • EPSS 0.08%
  • Veröffentlicht 01.09.2022 21:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:35

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.