Linux Distros Unpatched Vulnerability : CVE-2022-23451

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or...

Authorization

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

CVE-2022-23451

CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...

Ubuntu 18.04 LTS / 20.04 LTS : Barbican vulnerabilities (USN-5387-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5387-1 advisory. Douglas Mendizbal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue t...