An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-23451 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2022878 | Issue Tracking Permissions Required |
https://bugzilla.redhat.com/show_bug.cgi?id=2025089 | Issue Tracking Third Party Advisory |
https://review.opendev.org/c/openstack/barbican/+/811236 | Patch Third Party Advisory |
https://storyboard.openstack.org/#%21/story/2009253 |
Configurations
History
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 21:22
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
13 Sep 2022, 14:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
First Time |
Openstack
Redhat Redhat openstack Platform Openstack barbican |
|
References | (MISC) https://storyboard.openstack.org/#!/story/2009253 - Issue Tracking, Mailing List, Patch, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-23451 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://review.opendev.org/c/openstack/barbican/+/811236 - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2022878 - Issue Tracking, Permissions Required | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2025089 - Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:barbican:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* |
|
CWE | CWE-863 |
06 Sep 2022, 18:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-06 18:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-23451
Mitre link : CVE-2022-23451
CVE.ORG link : CVE-2022-23451
JSON object : View
Products Affected
openstack
- barbican
redhat
- openstack_platform
CWE
CWE-863
Incorrect Authorization