Описание
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| barbican | fixed | 1:14.0.0~rc1-2 | package | |
| barbican | no-dsa | bullseye | package | |
| barbican | no-dsa | buster | package | |
| barbican | no-dsa | stretch | package |
Примечания
https://storyboard.openstack.org/#!/story/2009297
https://bugzilla.redhat.com/show_bug.cgi?id=2025090
EPSS
Связанные уязвимости
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
openstack-barbican Denial of Service vulnerability
EPSS