OpenstackBarbican

5 matches found

CVE
added 2022/09/06 5:18 p.m., 710 views

CVE-2022-23451

CVE-2022-23451 concerns openstack-barbican. The issue is an authorization flaw where default secret-metadata API policy allows any authenticated user to add/modify/delete metadata on any secret, compromising ownership and enabling denial of service by resource consumption. The impact is described...

CVSS 8.1, AI score 7.5, EPSS 0.00971

CVE
added 2023/01/18 12:0 a.m., 130 views

CVE-2022-3100

The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...

CVSS 5.9, AI score 5.4, EPSS 0.00433

CVE
added 2022/09/01 8:57 p.m., 128 views

CVE-2022-23452

CVE-2022-23452 affects openstack-barbican. The flaw is an authorization issue where any admin can add secrets to another project’s container, enabling network-accessed resource consumption and potential DoS. The NVD CVSSv3.1 base score is 4.9 (MEDIUM) with Network attack, low complexity, and high...

CVSS 4.9, AI score 5, EPSS 0.00981

CVE
added 2023/09/24 12:9 a.m., 78 views

CVE-2023-1633

CVE-2023-1633 affects OpenStack Barbican. Multiple sources describe a credentials-leak flaw where a local authenticated attacker can read the Barbican configuration file and access sensitive credentials. The issue is tied to insecure configuration file handling and is acknowledged in Red Hat’s RH...

CVSS 6.6, AI score 5.4, EPSS 0.00191

CVE
added 2023/09/24 12:9 a.m., 76 views

CVE-2023-1636

OpenStack Barbican containers in an all‑in‑one configuration share CGROUP, USER, and NET namespaces with the host and other services, allowing a compromised service to access data transmitted to/from Barbican. The CVE-2023-1636 entry describes an information‑disclosure risk due to incomplete cont...

CVSS 6, AI score 5.4, EPSS 0.0048