CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Percentile: 46.9%
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | barbican | < 1:14.0.0~rc1-2 | barbican_1:14.0.0~rc1-2_all.deb |
Debian | 11 | all | barbican | <= 1:11.0.0-3+deb11u1 | barbican_1:11.0.0-3+deb11u1_all.deb |
Debian | 999 | all | barbican | < 1:14.0.0~rc1-2 | barbican_1:14.0.0~rc1-2_all.deb |
Debian | 13 | all | barbican | < 1:14.0.0~rc1-2 | barbican_1:14.0.0~rc1-2_all.deb |