CVE-2022-23452
openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers
Severity Score: 4.9 (*CVSS v3.1)
Exploit Likelihood: - (*EPSS)
Affected Versions: see the affected products table below (*CPE)
Public Exploits: 0 (*multiple sources)
Exploited in Wild: - (*KEV)
Decision: - (*SSVC)
Descriptions
An authorization flaw was found in openstack-barbican: the policy that governs adding secrets to a container checked only that the caller held the admin role, not that the container belonged to the caller's project, so an admin scoped to one project could add secrets to a container owned by a different project. An attacker on the network holding such a role can use this to consume the target project's protected resources and cause a denial of service.
An update for openstack-barbican is now available for Red Hat OpenStack Platform 16.1.9 (Train) for Red Hat Enterprise Linux (RHEL) 8.2.
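The authorization gap described above, as an added illustrative model rather than Barbican's own code: a toy container store with two policy functions, the vulnerable one letting the admin role bypass the project-ownership check and the hardened one requiring the container to belong to the caller's project whatever the role. The `Caller`, `Container` and `ContainerStore` names, the `admin`/`member` role strings and the per-container reference limit that stands in for the "protected resource" are assumptions made for this example.

```python
"""Toy model of the authorization flaw class behind CVE-2022-23452 (CWE-863).

Added illustration, not Barbican's code. Names, role strings and the
per-container limit below are assumptions made for the example.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List


class Forbidden(Exception):
    """Policy denied the request (a real API would return 403)."""


class QuotaExceeded(Exception):
    """The container already holds its assumed maximum number of secret refs."""


@dataclass(frozen=True)
class Caller:
    user_id: str
    project_id: str          # project the caller's token is scoped to
    roles: frozenset


@dataclass
class Container:
    container_id: str
    project_id: str          # project that owns the container
    secret_refs: List[str] = field(default_factory=list)


Policy = Callable[[Caller, Container], bool]


def role_only_policy(caller: Caller, container: Container) -> bool:
    """Vulnerable: the admin role bypasses the project-ownership check,
    so an admin scoped to project B may write into project A's container."""
    return "admin" in caller.roles or caller.project_id == container.project_id


def project_scoped_policy(caller: Caller, container: Container) -> bool:
    """Hardened: whatever the role, the container must belong to the caller's
    project; the role then only decides whether that project member may write."""
    same_project = caller.project_id == container.project_id
    return same_project and bool(caller.roles & {"admin", "member"})


class ContainerStore:
    def __init__(self, policy: Policy, max_refs_per_container: int = 3) -> None:
        self.policy = policy
        self.max_refs = max_refs_per_container   # assumed quota: the DoS lever
        self.containers: Dict[str, Container] = {}

    def create(self, owner: Caller, container_id: str) -> Container:
        container = Container(container_id, owner.project_id)
        self.containers[container_id] = container
        return container

    def add_secret(self, caller: Caller, container_id: str, secret_ref: str) -> int:
        """Attach a secret reference to a container; returns the new ref count."""
        container = self.containers[container_id]
        if not self.policy(caller, container):
            raise Forbidden(f"{caller.user_id}@{caller.project_id} -> {container_id}")
        if len(container.secret_refs) >= self.max_refs:
            raise QuotaExceeded(container_id)
        container.secret_refs.append(secret_ref)
        return len(container.secret_refs)


def run_scenario(policy: Policy) -> dict:
    """Owner in project-a creates a container; an admin scoped to project-b
    tries to fill it. Reports what the attacker achieved and whether the owner
    can still add a secret of their own afterwards (constructed sample data)."""
    store = ContainerStore(policy)
    owner = Caller("alice", "project-a", frozenset({"member"}))
    attacker = Caller("mallory", "project-b", frozenset({"admin"}))
    store.create(owner, "cont-a1")

    added, denied = 0, False
    for i in range(store.max_refs):
        try:
            store.add_secret(attacker, "cont-a1", f"secret-from-b-{i}")
            added += 1
        except Forbidden:
            denied = True
            break

    try:
        store.add_secret(owner, "cont-a1", "secret-from-a-0")
        owner_can_add = True
    except (Forbidden, QuotaExceeded):
        owner_can_add = False

    return {"attacker_added": added, "attacker_denied": denied,
            "owner_can_add": owner_can_add}


if __name__ == "__main__":
    for policy in (role_only_policy, project_scoped_policy):
        print(policy.__name__, run_scenario(policy))
```

Under `role_only_policy` the cross-project admin fills the victim's container to its limit and the owner's own write is then refused, which is the resource-consumption denial of service the advisory describes; under `project_scoped_policy` the attacker's first write is refused and the owner is unaffected. The practical check on a deployment is the same shape: a token with the admin role scoped to one project should be refused when adding a secret to another project's container.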
*Credits:
N/A
CVSS Scores
- CVSS v3.1 base score: 4.9. The per-metric values (Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality, Integrity, Availability) are not populated on this page.
- CVSS v2: metric names only (Attack Vector, Attack Complexity, Authentication, Confidentiality, Integrity, Availability); no values populated.
* Common Vulnerability Scoring System
SSVC
- Decision: -
- Exploitation: -
- Automatable: -
- Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
- 2022-01-19 CVE Reserved
- 2022-06-23 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
- none listed
References (4)
URL | Date | Tag / Source
---|---|---
https://storyboard.openstack.org/#%21/story/2009297 | - | X_refsource_misc
https://review.opendev.org/c/openstack/barbican/+/814200 | 2023-02-12 | -
https://access.redhat.com/security/cve/CVE-2022-23452 | 2022-12-07 | -
https://bugzilla.redhat.com/show_bug.cgi?id=2025090 | 2022-12-07 | -
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Openstack | Barbican | < 14.0.0 | - | Affected
Redhat | Openstack Platform | 16.1 | - | Affected