Safety vulnerability ID: 50879
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Barbican 14.0.0.0rc1 includes a fix for CVE-2022-23452: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
https://review.opendev.org/c/openstack/barbican/+/814200
Latest version: 19.0.0
OpenStack Secure Key Management
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. See CVE-2022-23452.
MISC: https://access.redhat.com/security/cve/CVE-2022-23452
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=2022908
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=2025090
MISC: https://review.opendev.org/c/openstack/barbican/+/814200
MISC: https://storyboard.openstack.org/#!/story/2009297