Safety vulnerability ID: 50929
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Barbican 14.0.0.0rc1 includes a fix for CVE-2022-23451: An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
https://github.com/openstack/barbican/commit/7d270bacbe29a90a10f1855abc3b50dac0f08022
Latest version: 19.0.0
OpenStack Secure Key Management
MISC: https://access.redhat.com/security/cve/CVE-2022-23451
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=2022878
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=2025089
MISC: https://review.opendev.org/c/openstack/barbican/+/811236
MISC: https://storyboard.openstack.org/#!/story/2009253