
72 matches found

Veracode
added 2022/10/20 12:45 a.m. | 22 views

Access Policy Bypass Via Query String Injection

openstack-barbican is vulnerable to policy bypasses. The vulnerability allows an attacker to bypass the policy via a query string when accessing the API...

CVSS 5.9 | AI score 5.6 | EPSS 0.00433
Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2022/10/05 12:0 a.m. | 40 views

Debian dla-3136 : barbican-api - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3136 advisory. Debian LTS Advisory DLA-3136-1 https://www.debian.org/lts/security/...

CVSS 5.9 | AI score 6.3 | EPSS 0.00433
Exploits 0 | References 4
Tenable Nessus
added 2022/10/03 12:0 a.m. | 45 views

RHEL 7 / 8 / 9 : Red Hat OpenStack Platform (openstack-barbican) (RHSA-2022:6750)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6750 advisory. Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Security...

CVSS 5.9 | AI score 6.4 | EPSS 0.00433
Exploits 0 | References 4
RedHat Linux
added 2022/09/29 12:42 p.m. | 31 views

Important: Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 5.9 | AI score 6.5 | EPSS 0.00433
Exploits 0 | References 2
UbuntuCve
added 2022/09/29 12:0 a.m. | 37 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

CVSS 5.9 | AI score 6.5 | EPSS 0.00433
Exploits 0 | References 2
OSV
added 2022/09/29 12:0 a.m. | 2 views

UBUNTU-CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

CVSS 5.9 | AI score 6.5 | EPSS 0.00433
Exploits 0 | References 3
RedhatCVE
added 2022/09/28 5:18 p.m. | 48 views

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

CVSS 7.1 | AI score 5 | EPSS 0.00433
Exploits 0 | References 3
ATTACKERKB
added 2022/09/06 6:15 p.m. | 6 views

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVSS 8.1 | AI score 6.7 | EPSS 0.00971
Exploits 0 | References 9
OSV
added 2022/09/06 6:15 p.m. | 3 views

DEBIAN-CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVSS 8.1 | AI score 6.5 | EPSS 0.00971
Exploits 0 | References 1
OSV
added 2022/09/06 6:15 p.m. | 23 views

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVSS 8.1 | AI score 7.6 | EPSS 0.00971
Exploits 0 | References 5
Prion
added 2022/09/06 6:15 p.m. | 14 views

Authorization

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVSS 5.5 | AI score 7.5 | EPSS 0.00971
Exploits 0 | References 5 | Affected Software 2
Cvelist
added 2022/09/06 5:18 p.m. | 34 views

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

AI score 7.8 | EPSS 0.00971
Exploits 0 | References 5
CVE
added 2022/09/06 5:18 p.m. | 711 views

CVE-2022-23451

CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...

CVSS 8.1 | AI score 7.5 | EPSS 0.00971
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/09/02 12:1 a.m. | 14 views

GHSA-6P2H-RJJ7-2J63 openstack-barbican Denial of Service vulnerability

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | AI score 5.8 | EPSS 0.01018
Exploits 0 | References 10
Github Security Blog
added 2022/09/02 12:1 a.m. | 18 views

openstack-barbican Denial of Service vulnerability

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | AI score 6.9 | EPSS 0.01018
Exploits 0 | References 11 | Affected Software 1
NVD
added 2022/09/01 9:15 p.m. | 39 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | EPSS 0.01018
Exploits 0 | References 5
OSV
added 2022/09/01 9:15 p.m. | 29 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | AI score 6.4 | EPSS 0.01018
Exploits 0 | References 5
OSV
added 2022/09/01 9:15 p.m. | 2 views

DEBIAN-CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 4.9 | AI score 5.4 | EPSS 0.01018
Exploits 0 | References 1
Prion
added 2022/09/01 9:15 p.m. | 17 views

Authorization

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

CVSS 3.3 | AI score 5.1 | EPSS 0.01018
Exploits 0 | References 5 | Affected Software 2
Cvelist
added 2022/09/01 8:57 p.m. | 46 views

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service...

AI score 5.5 | EPSS 0.01018
Exploits 0 | References 5