Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

CVE
#dos#java#auth

To use PolyGerrit, please enable JavaScript in your browser settings, and then refresh this page.

Related news

Red Hat Security Advisory 2022-8874-01

Red Hat Security Advisory 2022-8874-01 - An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.

RHSA-2022:8874: Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23451: openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret * CVE-2022-23452: openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers

GHSA-p2jg-q8hw-p7gc: Barbican authorization flaw before v14.0.0

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Red Hat Security Advisory 2022-5114-01

Red Hat Security Advisory 2022-5114-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments.

RHSA-2022:5114: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update

An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2.3 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23451: openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret * CVE-2022-23452: openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907