3 matches found
CVE-2022-3100
The CVE-2022-3100 issue affects the openstack-barbican component and enables an access policy bypass via a query string when calling the API. This vulnerability is discussed across multiple sources, with explicit confirmation in the SUSE-SU-2023:0071-1 security update: openstack-barbican Fixes CV...
CVE-2023-1633
CVE-2023-1633 affects OpenStack Barbican. Multiple sources describe a credentials-leak flaw where a local authenticated attacker can read the Barbican configuration file and access sensitive credentials. The issue is tied to insecure configuration file handling and is acknowledged in Red Hat’s RH...
CVE-2023-1636
OpenStack Barbican containers in an all‑in‑one configuration share CGROUP, USER, and NET namespaces with the host and other services, allowing a compromised service to access data transmitted to/from Barbican. The CVE-2023-1636 entry describes an information‑disclosure risk due to incomplete cont...