CVE Vulnerability

CVE-2022-23452

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

4.9 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2022908 Issue Tracking Permissions Required
https://access.redhat.com/security/cve/CVE-2022-23452 Third Party Advisory
https://review.opendev.org/c/openstack/barbican/+/814200 Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025090 Issue Tracking Third Party Advisory
https://storyboard.openstack.org/#%21/story/2009297
Configurations

Configuration 1

cpe:2.3:a:openstack:barbican:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
Information

Published : 2022-09-01 09:15

Updated : 2023-02-12 10:15

NVD link : CVE-2022-23452

Mitre link : CVE-2022-23452

Products Affected
No products.
CWE
CWE-863