72 matches found
PT-2023-17135 · Openstack · Openstack-Barbican
Name of the Vulnerable Software and Affected Versions: OpenStack Barbican affected versions not specified Description: A credentials leak flaw was found in OpenStack Barbican, allowing a local authenticated attacker to read the configuration file and gain access to sensitive credentials...
SUSE CVE-2023-1633
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
SUSE CVE-2023-1636
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...
CVE-2023-1633
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...
SUSE CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
SUSE CVE-2022-23451
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...
SUSE CVE-2022-23452
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...
RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-barbican) (RHSA-2022:8874)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8874 advisory. Barbican is a REST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Securit...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
DEBIAN-CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...
SUSE-SU-2023:0071-1 Security update for openstack-barbican
This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection bsc1203873. Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypa...
SUSE-SU-2023:0070-1 Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp
This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection...
openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...
openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Barbican vulnerability (USN-5697-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5697-1 advisory. Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to...