CVE-2022-4134
https://notcve.org/view.php?id=CVE-2022-4134
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. • https://bugs.launchpad.net/glance/+bug/1990157 https://bugzilla.redhat.com/show_bug.cgi?id=2147462 https://wiki.openstack.org/wiki/OSSN/OSSN-0090 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVE-2022-3100 – openstack-barbican: access policy bypass via query string injection
https://notcve.org/view.php?id=CVE-2022-3100
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. Se encontró una falla en el componente openstack-barbican. Este problema permite omitir la política de acceso a través de una cadena de consulta al acceder a la API. • https://access.redhat.com/security/cve/CVE-2022-3100 https://bugzilla.redhat.com/show_bug.cgi?id=2125404 • CWE-305: Authentication Bypass by Primary Weakness •