CVE-2022-23452

Опубликовано: 01 сент. 2022

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

Ссылки

https://access.redhat.com/security/cve/CVE-2022-23452
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2022908
Issue Tracking
Permissions Required
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025090
Issue Tracking
Third Party Advisory
https://review.opendev.org/c/openstack/barbican/+/814200
Patch
Third Party Advisory
https://storyboard.openstack.org/#%21/story/2009297
https://access.redhat.com/security/cve/CVE-2022-23452
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2022908
Issue Tracking
Permissions Required
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025090
Issue Tracking
Third Party Advisory
https://review.opendev.org/c/openstack/barbican/+/814200
Patch
Third Party Advisory
https://storyboard.openstack.org/#%21/story/2009297

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:openstack:barbican:*:*:*:*:*:*:*:*

Версия до 14.0.0 (исключая)

Конфигурация 2

cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.0038

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

CVE-2022-23452

CVSS3: 4.9

ubuntu

больше 3 лет назад

CVE-2022-23452

CVSS3: 3.8

redhat

около 4 лет назад

CVE-2022-23452

CVSS3: 4.9

debian

больше 3 лет назад

An authorization flaw was found in openstack-barbican, where anyone wi ...

GHSA-6p2h-rjj7-2j63

CVSS3: 4.9

github

больше 3 лет назад

openstack-barbican Denial of Service vulnerability

EPSS

Процентиль: 59%

0.0038

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-863