Headline
RHSA-2022:5114: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.2.3 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23451: openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
- CVE-2022-23452: openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project’s containers
Issued:
2022-06-22
Updated:
2022-06-22
RHSA-2022:5114 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: Red Hat OpenStack Platform 16.2 (openstack-barbican) security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openstack-barbican is now available for Red Hat OpenStack
Platform 16.2.3 (Train).
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Barbican is a ReST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.
Security Fix(es):
- Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret (CVE-2022-23451)
- Barbican allows authenticated role to add secrets to a different project’s containers (CVE-2022-23452)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Affected Products
- Red Hat OpenStack 16.2 x86_64
- Red Hat OpenStack for IBM Power 16.2 ppc64le
Fixes
- BZ - 2025089 - CVE-2022-23451 openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
- BZ - 2025090 - CVE-2022-23452 openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project’s containers
Red Hat OpenStack 16.2
SRPM
openstack-barbican-9.0.2-2.20220122185348.c718783.el8ost.src.rpm
SHA-256: 325bf111ad97f706cad0d44d5ec43cee8e16252c742fadfe2e3b3d803363a9fa
x86_64
openstack-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 7180f6d3e0a94d846bcb5f0d9dc5e911cef4d21e03afd6522a82af94ca3c3b19
openstack-barbican-api-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: b72d7015dc3d2830720142d6913ccd0187f0fd9b5066c7fc9486d24179a5ea14
openstack-barbican-common-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 69cdf4aa232533b15aa17547a6dbe1cc257fef1e975f875e085702394378fc6d
openstack-barbican-keystone-listener-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: c9d09e3035063cb0dfa9cd74dcea3d29a09bd25c9b2c2e084bbb4ab5a9ebfe8b
openstack-barbican-worker-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 67ef2838f95f94bc145ea775f8f67f94ab25f0337be2818f690462d7bbd4b5d3
python3-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 31e3301a59446c5954253881c77fef151efa8b382f0c4a0bc2574a21af75344e
Red Hat OpenStack for IBM Power 16.2
SRPM
openstack-barbican-9.0.2-2.20220122185348.c718783.el8ost.src.rpm
SHA-256: 325bf111ad97f706cad0d44d5ec43cee8e16252c742fadfe2e3b3d803363a9fa
ppc64le
openstack-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 7180f6d3e0a94d846bcb5f0d9dc5e911cef4d21e03afd6522a82af94ca3c3b19
openstack-barbican-api-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: b72d7015dc3d2830720142d6913ccd0187f0fd9b5066c7fc9486d24179a5ea14
openstack-barbican-common-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 69cdf4aa232533b15aa17547a6dbe1cc257fef1e975f875e085702394378fc6d
openstack-barbican-keystone-listener-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: c9d09e3035063cb0dfa9cd74dcea3d29a09bd25c9b2c2e084bbb4ab5a9ebfe8b
openstack-barbican-worker-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 67ef2838f95f94bc145ea775f8f67f94ab25f0337be2818f690462d7bbd4b5d3
python3-barbican-9.0.2-2.20220122185348.c718783.el8ost.noarch.rpm
SHA-256: 31e3301a59446c5954253881c77fef151efa8b382f0c4a0bc2574a21af75344e
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-8874-01 - An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23451: openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret * CVE-2022-23452: openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Red Hat Security Advisory 2022-5114-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments.