CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

CVE-2023-1633

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

CVE-2023-1633

CVE-2023-1633 affects OpenStack Barbican. Multiple sources describe a credentials-leak flaw where a local authenticated attacker can read the Barbican configuration file and access sensitive credentials. The issue is tied to insecure configuration file handling and is acknowledged in Red Hat’s RH...

CVE-2023-1633 Insecure barbican configuration file leaking credential

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

CVE-2023-1633 Insecure barbican configuration file leaking credential

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials...

CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

CVE-2023-1636 Incomplete container isolation

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

CVE-2023-1636

OpenStack Barbican containers in an all‑in‑one configuration share CGROUP, USER, and NET namespaces with the host and other services, allowing a compromised service to access data transmitted to/from Barbican. The CVE-2023-1636 entry describes an information‑disclosure risk due to incomplete cont...

CVE-2023-1636 Incomplete container isolation

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is...

CVE-2023-1625

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

CVE-2023-1625 Information leak in api

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

CVE-2023-1625 Information leak in api

An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system...

CVE-2023-1625

CVE-2023-1625 affects OpenStack Heat. A disclosed information leak allows a remote, authenticated attacker to use the stack show command to reveal otherwise hidden parameters. Impact is described as low for confidentiality and low for other aspects, with exploitation tied to OpenStack Heat behavi...

PT-2023-17135 · Openstack · Openstack-Barbican

Name of the Vulnerable Software and Affected Versions: OpenStack Barbican affected versions not specified Description: A credentials leak flaw was found in OpenStack Barbican, allowing a local authenticated attacker to read the configuration file and gain access to sensitive credentials...

PT-2023-17138 · Openstack · Openstack-Barbican

Name of the Vulnerable Software and Affected Versions: OpenStack Barbican affected versions not specified Description: A vulnerability was found in OpenStack Barbican containers, applicable only to deployments utilizing an all-in-one configuration. Barbican containers share the same CGROUP, USER,...

CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...

CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...

CVE-2022-3596

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...

Information disclosure

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...

CVE-2022-3596 Instack-undercloud: rsync leaks information to undercloud

An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials...