GitHub Advisory DatabaseGHSA-P2JG-Q8HW-P7GCBarbican authorization flaw before v14.0.0
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
46.9%
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Affected configurations
References
access.redhat.com/errata/RHSA-2022:5114
access.redhat.com/errata/RHSA-2022:8874
access.redhat.com/security/cve/CVE-2022-23451
bugzilla.redhat.com/show_bug.cgi?id=2022878
bugzilla.redhat.com/show_bug.cgi?id=2025089
github.com/advisories/GHSA-p2jg-q8hw-p7gc
github.com/openstack/barbican/commit/7d270bacbe29a90a10f1855abc3b50dac0f08022
nvd.nist.gov/vuln/detail/CVE-2022-23451
review.opendev.org/c/openstack/barbican/+/811236
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
46.9%