Linux Distros Unpatched Vulnerability : CVE-2022-23451

🗓️ 05 Mar 2025 00:00:00Reported by TenableType

Linux host has unpatched vulnerability CVE-2022-23451 affecting openstack-barbican authorization flaw.

Reporter	Title	Published	Views	Family All 42
ATTACKERKB	CVE-2022-23451	6 Sep 202218:15	–	attackerkb
CNNVD	barbican 授权问题漏洞	25 Apr 202200:00	–	cnnvd
CVE	CVE-2022-23451	6 Sep 202217:18	–	cve
Cvelist	CVE-2022-23451	6 Sep 202217:18	–	cvelist
Debian CVE	CVE-2022-23451	6 Sep 202217:18	–	debiancve
EUVD	EUVD-2022-6888	3 Oct 202520:07	–	euvd
Github Security Blog	Barbican authorization flaw before v14.0.0	7 Sep 202200:01	–	github
NVD	CVE-2022-23451	6 Sep 202218:15	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-5387-1)	26 Apr 202200:00	–	openvas
OSV	CVE-2022-23451	6 Sep 202218:15	–	osv

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2022-23451
ubuntu	www.ubuntu.com/security/CVE-2022-23451
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(230009);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/30");

  script_cve_id("CVE-2022-23451");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2022-23451");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata
    API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of
    ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a
    denial of service by consuming protected resources. (CVE-2022-23451)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2022-23451");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2022-23451");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-23451");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:barbican");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:barbican");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "barbican-api"},
          {"reference": "barbican-common"},
          {"reference": "barbican-doc"},
          {"reference": "barbican-keystone-listener"},
          {"reference": "barbican-worker"},
          {"reference": "python3-barbican"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "barbican"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

30 Aug 2025 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.18.1

EPSS0.00339