Headline
RHSA-2022:6750: Red Hat Security Advisory: Red Hat OpenStack Platform (openstack-barbican) security update
An update for openstack-barbican is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3100: openstack-barbican: access policy bypass via query string injection
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-09-29
Updated:
2022-09-29
RHSA-2022:6750 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: Red Hat OpenStack Platform (openstack-barbican) security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for openstack-barbican is now available for Red Hat OpenStack
Platform.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Description
Barbican is a ReST API designed for the secure storage, provisioning and
management of secrets, including in OpenStack environments.
Security Fix(es):
- openstack-barbican: access policy bypass via query string injection (CVE-2022-3100)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenStack 17 x86_64
- Red Hat OpenStack 16.2 x86_64
- Red Hat OpenStack 16.1 x86_64
- Red Hat OpenStack for IBM Power 16.2 ppc64le
- Red Hat OpenStack for IBM Power 16.1 ppc64le
- Red Hat OpenStack 13 - Extended Life Cycle Support 13 x86_64
- Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13 ppc64le
Fixes
- BZ - 2125404 - CVE-2022-3100 openstack-barbican: access policy bypass via query string injection
Red Hat OpenStack 17
SRPM
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.src.rpm
SHA-256: c9d98ede00a363e998a7b79a77ce787446468615d7ed8bedf2d37aa6efb6723a
x86_64
openstack-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: 3f820f6670d028f3a27f89d7049828478934c487d3a0807715a6d49baa6eede2
openstack-barbican-api-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: 9f978c41f2ab60a90eb28ad743c888ff68b4322d984da92956fa172492769e98
openstack-barbican-common-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: 57a0ad21dca15d144a1f4b3e23189cb27cabee330a18a5cd486730f52d86dbca
openstack-barbican-keystone-listener-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: 4a3d33046e3f45d7166426c6bc535be8fd798b2280f41eeda04c16a7623d1f1b
openstack-barbican-worker-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: 136400037201f26b81920615c39280ce23ebc0b6b7233c7a2ef1a97e85f64677
python3-barbican-12.0.1-0.20220614210405.486e607.el9ost.noarch.rpm
SHA-256: c44df0283917f1b21de7458bf250df0651df57c2f7ddbf02d5b23106b5a52c5f
Red Hat OpenStack 16.2
SRPM
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.src.rpm
SHA-256: b4f6d1580925ac1c8e07065fb44f8706f6de2c3cb43040a92ddb61b957ba1c73
x86_64
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 071623c1f3dedb7a036791dde0fa76b37747be07a5a89666a3fa28a940e23d7d
openstack-barbican-api-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 329ea63f55619175929310eeb553fe220926838c755914ad1fe999ece3b569f2
openstack-barbican-common-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 167a3023c46a46756701760c3adccebb01bd683c9112e6fe060ac747092036ec
openstack-barbican-keystone-listener-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 9c5ae38513e81508906ceead6f40a76903127ea4de07688549ef0449cbe07c5f
openstack-barbican-worker-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: b1065e2c121b3ef0b28686bf411efdbfe143e6e1e8249af4262412e7ee51ffda
python3-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 715d06b66dba3920926b5c2692069eb044562f3023da7738fa9a1efa46dfca5b
Red Hat OpenStack 16.1
SRPM
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.src.rpm
SHA-256: 45d3e88dbfa850b31258b2ef04e46d5c81a584013d2cd876ff6c00bfc6886bba
x86_64
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: 28a9b612c198fe08caf3bcb3f955e4fa1e81f55d7111310fc70fafcc03a7d29f
openstack-barbican-api-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: ccf752231cd783e6942e383699c67dd68c10eaaacfdea16c208c5636c6744fe3
openstack-barbican-common-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: 81a9bf8efb09a1d5f9a7147df550991bb000a41bb402421b41ec547b5453cd53
openstack-barbican-keystone-listener-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: b7d5a49c1dc02de31394b15ac9da045cd0c9ce6021275079ff6a849f89223662
openstack-barbican-worker-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: d88b1c534ed85f8757dc670dddb633fba931e8bf22a80de1490a1f3a21c27573
python3-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: ad48082a95eb5f52f6604ca907a671615d30a5ad2ff41f9e4bd56fc4b863adb1
Red Hat OpenStack for IBM Power 16.2
SRPM
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.src.rpm
SHA-256: b4f6d1580925ac1c8e07065fb44f8706f6de2c3cb43040a92ddb61b957ba1c73
ppc64le
openstack-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 071623c1f3dedb7a036791dde0fa76b37747be07a5a89666a3fa28a940e23d7d
openstack-barbican-api-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 329ea63f55619175929310eeb553fe220926838c755914ad1fe999ece3b569f2
openstack-barbican-common-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 167a3023c46a46756701760c3adccebb01bd683c9112e6fe060ac747092036ec
openstack-barbican-keystone-listener-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 9c5ae38513e81508906ceead6f40a76903127ea4de07688549ef0449cbe07c5f
openstack-barbican-worker-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: b1065e2c121b3ef0b28686bf411efdbfe143e6e1e8249af4262412e7ee51ffda
python3-barbican-9.0.2-2.20220122185349.c718783.el8ost.noarch.rpm
SHA-256: 715d06b66dba3920926b5c2692069eb044562f3023da7738fa9a1efa46dfca5b
Red Hat OpenStack for IBM Power 16.1
SRPM
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.src.rpm
SHA-256: 45d3e88dbfa850b31258b2ef04e46d5c81a584013d2cd876ff6c00bfc6886bba
ppc64le
openstack-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: 28a9b612c198fe08caf3bcb3f955e4fa1e81f55d7111310fc70fafcc03a7d29f
openstack-barbican-api-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: ccf752231cd783e6942e383699c67dd68c10eaaacfdea16c208c5636c6744fe3
openstack-barbican-common-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: 81a9bf8efb09a1d5f9a7147df550991bb000a41bb402421b41ec547b5453cd53
openstack-barbican-keystone-listener-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: b7d5a49c1dc02de31394b15ac9da045cd0c9ce6021275079ff6a849f89223662
openstack-barbican-worker-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: d88b1c534ed85f8757dc670dddb633fba931e8bf22a80de1490a1f3a21c27573
python3-barbican-9.0.1-1.20220112203416.07be198.el8ost.noarch.rpm
SHA-256: ad48082a95eb5f52f6604ca907a671615d30a5ad2ff41f9e4bd56fc4b863adb1
Red Hat OpenStack 13 - Extended Life Cycle Support 13
SRPM
openstack-barbican-6.0.1-6.el7ost.src.rpm
SHA-256: 5a96e1031bc8a33f91e51b0e9d211527d994e755b47770a41b2a7240246e4e3f
x86_64
openstack-barbican-6.0.1-6.el7ost.noarch.rpm
SHA-256: 4de9b006cd3c48a2f5fbe4db8e6883d66ecb180a0a85111305ba65a9a9feb434
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm
SHA-256: c2cfc4d02b9a2683835388e741fc92836b69b7c5beb850f96539b312625a6743
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm
SHA-256: 0c01f08de7e1a3836c55ef27dfa35b26491093ddd27f43d5090c4119963ef183
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm
SHA-256: b7b2bb2e3b9ac48ef5e4c190fd16468db41b2943c5482c9672079ff1d0c3524c
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm
SHA-256: dff8310532b89a89690d1d1be84da53c0b030da58b2bb5c1c393ad586565545c
python-barbican-6.0.1-6.el7ost.noarch.rpm
SHA-256: dc3bf7b267b083d9fedae9a30e33e7ce8a2cecac3a8ff75820bba7ad2577ee4f
Red Hat OpenStack 13 for IBM Power - Extended Life Cycle Support 13
SRPM
openstack-barbican-6.0.1-6.el7ost.src.rpm
SHA-256: 5a96e1031bc8a33f91e51b0e9d211527d994e755b47770a41b2a7240246e4e3f
ppc64le
openstack-barbican-6.0.1-6.el7ost.noarch.rpm
SHA-256: 4de9b006cd3c48a2f5fbe4db8e6883d66ecb180a0a85111305ba65a9a9feb434
openstack-barbican-api-6.0.1-6.el7ost.noarch.rpm
SHA-256: c2cfc4d02b9a2683835388e741fc92836b69b7c5beb850f96539b312625a6743
openstack-barbican-common-6.0.1-6.el7ost.noarch.rpm
SHA-256: 0c01f08de7e1a3836c55ef27dfa35b26491093ddd27f43d5090c4119963ef183
openstack-barbican-keystone-listener-6.0.1-6.el7ost.noarch.rpm
SHA-256: b7b2bb2e3b9ac48ef5e4c190fd16468db41b2943c5482c9672079ff1d0c3524c
openstack-barbican-worker-6.0.1-6.el7ost.noarch.rpm
SHA-256: dff8310532b89a89690d1d1be84da53c0b030da58b2bb5c1c393ad586565545c
python-barbican-6.0.1-6.el7ost.noarch.rpm
SHA-256: dc3bf7b267b083d9fedae9a30e33e7ce8a2cecac3a8ff75820bba7ad2577ee4f
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Ubuntu Security Notice 5697-1 - Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy.
Red Hat Security Advisory 2022-6750-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Issues addressed include a bypass vulnerability.