CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Percentile: 50.3%

Barbican is a REST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.

Security Fix(es):

* Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret (CVE-2022-23451)
* Barbican allows authenticated role to add secrets to a different project’s containers (CVE-2022-23452)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 8 | noarch | openstack-barbican | < 9.0.2-2.20220122185348.c718783.el8ost | openstack-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |
RedHat | 8 | noarch | openstack-barbican-api | < 9.0.2-2.20220122185348.c718783.el8ost | openstack-barbican-api-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |
RedHat | 8 | noarch | python3-barbican | < 9.0.2-2.20220122185348.c718783.el8ost | python3-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |
RedHat | 8 | noarch | openstack-barbican-keystone-listener | < 9.0.2-2.20220122185348.c718783.el8ost | openstack-barbican-keystone-listener-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |
RedHat | 8 | noarch | openstack-barbican-worker | < 9.0.2-2.20220122185348.c718783.el8ost | openstack-barbican-worker-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |
RedHat | 8 | noarch | openstack-barbican-common | < 9.0.2-2.20220122185348.c718783.el8ost | openstack-barbican-common-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm |