CVE-2022-23451

🗓️ 06 Sep 2022 17:18:52Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 703 Views

An authorization flaw found in openstack-barbican with default policy rules for secret metadata API allowing any authenticated user to add, modify, or delete metadata from any secret regardless of ownership, leading to denial of service

Reporter	Title	Published	Views	Family All 42
ATTACKERKB	CVE-2022-23451	6 Sep 202218:15	–	attackerkb
CNNVD	barbican 授权问题漏洞	25 Apr 202200:00	–	cnnvd
Cvelist	CVE-2022-23451	6 Sep 202217:18	–	cvelist
Debian CVE	CVE-2022-23451	6 Sep 202217:18	–	debiancve
EUVD	EUVD-2022-6888	3 Oct 202520:07	–	euvd
Github Security Blog	Barbican authorization flaw before v14.0.0	7 Sep 202200:01	–	github
NVD	CVE-2022-23451	6 Sep 202218:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-5387-1)	26 Apr 202200:00	–	openvas
OSV	CVE-2022-23451	6 Sep 202218:15	–	osv
OSV	DEBIAN-CVE-2022-23451	6 Sep 202218:15	–	osv

NVD

Vulners

Node

openstack barbicanRange<14.0.0

Node

redhat openstack_platformMatch13.0

redhat openstack_platformMatch16.1

redhat openstack_platformMatch16.2

[
  {
    "product": "openstack/barbican",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v14.0.0"
      }
    ]
  }
]

Source	Link
storyboard	www.storyboard.openstack.org/
review	www.review.opendev.org/c/openstack/barbican/+/811236
access	www.access.redhat.com/security/cve/CVE-2022-23451
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

21 Nov 2024 06:48Current

7.5High risk

Vulners AI Score7.5

CVSS 3.18.1

EPSS0.00339

CWE-863