Lucene search
RedhatCVE-2023-1633HistorySep 24, 2023 - 1:15 a.m.
CVE-2023-1633
2023-09-2401:15:43
CWE-522
CWE-200
redhat
web.nvd.nist.gov
41
openstack
barbican
credentials leak
cve-2023-1633
security flaw
local attacker
configuration file
sensitive credentials
CVSS3
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
AI Score
4.9
Confidence
High
EPSS
0
Percentile
5.1%
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
Affected configurations
Node
openstackbarbicanMatch-
Node
redhatopenstack_platformMatch16.1
ORredhatopenstack_platformMatch16.2
ORredhatopenstack_platformMatch17.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| openstack | barbican | - | cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:* |
| redhat | openstack_platform | 16.1 | cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* |
| redhat | openstack_platform | 16.2 | cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* |
| redhat | openstack_platform | 17.0 | cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "openstack-barbican",
"vendor": "n/a",
"defaultStatus": "affected"
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 13 (Queens)",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openstack-barbican",
"defaultStatus": "unknown",
"cpes": [
"cpe:/a:redhat:openstack:13"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.1",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openstack-barbican",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.1"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 16.2",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openstack-barbican",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:16.2"
]
},
{
"vendor": "Red Hat",
"product": "Red Hat OpenStack Platform 17.0",
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"packageName": "openstack-barbican",
"defaultStatus": "affected",
"cpes": [
"cpe:/a:redhat:openstack:17.0"
]
},
{
"product": "OpenStack RDO",
"vendor": "RDO",
"collectionURL": "https://repos.fedorapeople.org/repos/openstack/",
"packageName": "openstack-barbican",
"defaultStatus": "affected"
}
]Related
prion
prion
Design/Logic Flaw
2023-09-24 01:15:00
nessus
nessus
redhatcve
redhatcve
CVE-2023-1633
2023-04-21 22:56:49
cvelist
cvelist
CVE-2023-1633 Insecure barbican configuration file leaking credential
2023-09-24 00:09:50
ubuntucve
ubuntucve
CVE-2023-1633
2023-09-24 00:00:00
osv
osv
OpenStack Barbican credential leak flaw
2023-09-24 03:30:20
CVE-2023-1633
2023-09-24 01:15:43
github
github
OpenStack Barbican credential leak flaw
2023-09-24 03:30:20
redhat
redhat
nvd
nvd
CVE-2023-1633
2023-09-24 01:15:43
debiancve
debiancve
CVE-2023-1633
2023-09-24 01:15:43
CVSS3
6.6
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
AI Score
4.9
Confidence
High
EPSS
0
Percentile
5.1%
Related for CVE-2023-1633