Lucene search

[email protected]CVE-2022-3100

HistoryJan 18, 2023 - 5:15 p.m.

CVE-2022-3100

2023-01-1817:15:00

CWE-305

[email protected]

web.nvd.nist.gov

cve-2022-3100

openstack-barbican

flaw

access policy bypass

query string

api

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

5.4 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.6%

JSON

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

VendorProductVersionCPE
redhatopenstack_platform*cpe:2.3:a:redhat:openstack_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
redhat	openstack_platform	*	cpe:2.3:a:redhat:openstack_platform::::::::

References

access.redhat.com/security/cve/CVE-2022-3100

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

5.4 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.6%

JSON

Related for CVE-2022-3100

nessus4 debian2 redhat1 osv4 redhatcve1 debiancve1 prion1 veracode1 ubuntucve1 ubuntu1