Lucene search
K

72 matches found

Positive Technologies
Positive Technologies
added 2023/09/24 12:0 a.m.2 views

PT-2023-17135 · Openstack · Openstack-Barbican

Name of the Vulnerable Software and Affected Versions: OpenStack Barbican affected versions not specified Description: A credentials leak flaw was found in OpenStack Barbican, allowing a local authenticated attacker to read the configuration file and gain access to sensitive credentials...

6.6CVSS5.6AI score0.00191EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/04/26 1:54 a.m.2 views

SUSE CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

6.6CVSS6.2AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/04/26 1:54 a.m.4 views

SUSE CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

6CVSS6.9AI score0.0048EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/04/21 10:56 p.m.31 views

CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

6.6CVSS5.7AI score0.00191EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

7.1CVSS5.5AI score0.00433EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.2 views

SUSE CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

6.5CVSS6.1AI score0.00971EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:28 a.m.3 views

SUSE CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

4.9CVSS6AI score0.01018EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.34 views

RHEL 8 : Red Hat OpenStack Platform 16.1.9 (openstack-barbican) (RHSA-2022:8874)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8874 advisory. Barbican is a REST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Securit...

8.1CVSS6.6AI score0.01018EPSS
Exploits0References10
NVD
NVD
added 2023/01/18 5:15 p.m.16 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9CVSS5.5AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2023/01/18 5:15 p.m.18 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9CVSS5.5AI score0.00433EPSS
Exploits0References1
OSV
OSV
added 2023/01/18 5:15 p.m.2 views

DEBIAN-CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9CVSS6.1AI score0.00433EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/18 12:0 a.m.4 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.8AI score0.00433EPSS
Exploits0References1
CVE
CVE
added 2023/01/18 12:0 a.m.133 views

CVE-2022-3100

The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...

5.9CVSS5.4AI score0.00433EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/01/18 12:0 a.m.33 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.7AI score0.00433EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/01/18 12:0 a.m.26 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

5.9CVSS6.1AI score0.00433EPSS
Exploits0
OSV
OSV
added 2023/01/11 2:41 p.m.7 views

SUSE-SU-2023:0071-1 Security update for openstack-barbican

This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection bsc1203873. Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypa...

5.9CVSS6.4AI score0.00433EPSS
Exploits0References3
OSV
OSV
added 2023/01/11 2:40 p.m.8 views

SUSE-SU-2023:0070-1 Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp

This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection...

8.8CVSS7.7AI score0.92984EPSS
Exploits12References5
RedHat Linux
RedHat Linux
added 2022/12/07 8:28 p.m.5 views

openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

8.1CVSS5.8AI score0.00971EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/07 8:28 p.m.10 views

openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

4.9CVSS5.8AI score0.01018EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/10/25 12:0 a.m.25 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Barbican vulnerability (USN-5697-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5697-1 advisory. Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to...

5.9CVSS6.4AI score0.00433EPSS
Exploits0References2
Rows per page
Query Builder