Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6750
HistorySep 29, 2022 - 12:31 p.m.

(RHSA-2022:6750) Important: Red Hat OpenStack Platform (openstack-barbican) security update

2022-09-2912:31:24
access.redhat.com
12
red hat openstack platform
openstack-barbican
security update
access policy bypass
query string injection

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON

Barbican is a ReST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.

Security Fix(es):

  • openstack-barbican: access policy bypass via query string injection (CVE-2022-3100)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchopenstack-barbican-api< 9.0.2-2.20220122185349.c718783.el8ostopenstack-barbican-api-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
RedHat8noarchopenstack-barbican-keystone-listener< 9.0.2-2.20220122185349.c718783.el8ostopenstack-barbican-keystone-listener-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
RedHat9noarchopenstack-barbican-worker< 12.0.1-0.20220614210405.486e607.el9ostopenstack-barbican-worker-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
RedHat9noarchpython3-barbican< 12.0.1-0.20220614210405.486e607.el9ostpython3-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
RedHat7noarchopenstack-barbican-worker< 6.0.1-6.el7ostopenstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm
RedHat8noarchopenstack-barbican< 9.0.1-1.20220112203416.07be198.el8ostopenstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
RedHat8noarchopenstack-barbican-keystone-listener< 9.0.1-1.20220112203416.07be198.el8ostopenstack-barbican-keystone-listener-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
RedHat8noarchopenstack-barbican-api< 9.0.1-1.20220112203416.07be198.el8ostopenstack-barbican-api-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
RedHat8noarchopenstack-barbican-worker< 9.0.2-2.20220122185349.c718783.el8ostopenstack-barbican-worker-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
RedHat7noarchopenstack-barbican-api< 6.0.1-6.el7ostopenstack-barbican-api-6.0.1-6.el7ost.noarch.rpm
Rows per page:
1-10 of 241

Related

osv 4
nessus 4
cve 1
debian 2
openvas 3
debiancve 1
redhatcve 1
cvelist 1
prion 1
veracode 1
ubuntucve 1
nvd 1
ubuntu 1
osv
osv
barbican - security update
2022-10-04 00:00:00
barbican - security update
2022-10-04 00:00:00
barbican vulnerability
2022-10-25 11:18:14
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Barbican vulnerability (USN-5697-1)
2022-10-25 00:00:00
Debian DLA-3136-1 : barbican - LTS security update
2022-10-05 00:00:00
RHEL 7 / 8 / 9 : Red Hat OpenStack Platform (openstack-barbican) (RHSA-2022:6750)
2022-10-03 00:00:00
cve
cve
CVE-2022-3100
2023-01-18 17:15:10
debian
debian
[SECURITY] [DLA 3136-1] barbican security update
2022-10-04 07:57:51
[SECURITY] [DSA 5247-1] barbican security update
2022-10-04 19:09:49
openvas
openvas
Debian: Security Advisory (DLA-3136-1)
2022-10-05 00:00:00
Debian: Security Advisory (DSA-5247-1)
2022-10-05 00:00:00
Ubuntu: Security Advisory (USN-5697-1)
2022-10-26 00:00:00
debiancve
debiancve
CVE-2022-3100
2023-01-18 17:15:10
redhatcve
redhatcve
CVE-2022-3100
2022-09-28 17:18:55
cvelist
cvelist
CVE-2022-3100
2023-01-18 00:00:00
prion
prion
Design/Logic Flaw
2023-01-18 17:15:00
veracode
veracode
Access Policy Bypass Via Query String Injection
2022-10-20 00:45:07
ubuntucve
ubuntucve
CVE-2022-3100
2022-09-29 00:00:00
nvd
nvd
CVE-2022-3100
2023-01-18 17:15:10
ubuntu
ubuntu
Barbican vulnerability
2022-10-25 00:00:00

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON
Related for RHSA-2022:6750
osv4nessus4cve1debian2openvas3debiancve1redhatcve1cvelist1prion1veracode1ubuntucve1nvd1ubuntu1