Vulnerability Details CVE-2022-23452
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.6%
CVSS Severity
CVSS v3 Score 4.9
References
- https://access.redhat.com/security/cve/CVE-2022-23452
- https://bugzilla.redhat.com/show_bug.cgi?id=2022908
- https://bugzilla.redhat.com/show_bug.cgi?id=2025090
- https://review.opendev.org/c/openstack/barbican/+/814200
- https://storyboard.openstack.org/#%21/story/2009297
- https://access.redhat.com/security/cve/CVE-2022-23452
- https://bugzilla.redhat.com/show_bug.cgi?id=2022908
- https://bugzilla.redhat.com/show_bug.cgi?id=2025090
- https://review.opendev.org/c/openstack/barbican/+/814200
- https://storyboard.openstack.org/#%21/story/2009297
Products affected by CVE-2022-23452
-
cpe:2.3:a:openstack:barbican:-
-
cpe:2.3:a:openstack:barbican:0.1.30
-
cpe:2.3:a:openstack:barbican:0.1.31
-
cpe:2.3:a:openstack:barbican:0.1.33
-
cpe:2.3:a:openstack:barbican:0.1.36
-
cpe:2.3:a:openstack:barbican:0.1.37
-
cpe:2.3:a:openstack:barbican:0.1.38
-
cpe:2.3:a:openstack:barbican:0.1.39
-
cpe:2.3:a:openstack:barbican:0.1.40
-
cpe:2.3:a:openstack:barbican:0.1.42
-
cpe:2.3:a:openstack:barbican:0.1.43
-
cpe:2.3:a:openstack:barbican:0.1.44
-
cpe:2.3:a:openstack:barbican:0.1.45
-
cpe:2.3:a:openstack:barbican:0.1.46
-
cpe:2.3:a:openstack:barbican:0.1.47
-
cpe:2.3:a:openstack:barbican:0.1.48
-
cpe:2.3:a:openstack:barbican:0.1.49
-
cpe:2.3:a:openstack:barbican:0.1.50
-
cpe:2.3:a:openstack:barbican:0.1.51
-
cpe:2.3:a:openstack:barbican:0.1.52
-
cpe:2.3:a:openstack:barbican:0.1.53
-
cpe:2.3:a:openstack:barbican:0.1.54
-
cpe:2.3:a:openstack:barbican:0.1.55
-
cpe:2.3:a:openstack:barbican:0.1.56
-
cpe:2.3:a:openstack:barbican:0.1.57
-
cpe:2.3:a:openstack:barbican:0.1.58
-
cpe:2.3:a:openstack:barbican:0.1.59
-
cpe:2.3:a:openstack:barbican:0.1.60
-
cpe:2.3:a:openstack:barbican:0.1.61
-
cpe:2.3:a:openstack:barbican:0.1.62
-
cpe:2.3:a:openstack:barbican:0.1.63
-
cpe:2.3:a:openstack:barbican:0.1.64
-
cpe:2.3:a:openstack:barbican:0.1.65
-
cpe:2.3:a:openstack:barbican:1.0.0
-
cpe:2.3:a:openstack:barbican:10.0.0
-
cpe:2.3:a:openstack:barbican:10.1.0
-
cpe:2.3:a:openstack:barbican:11.0.0
-
cpe:2.3:a:openstack:barbican:12.0.0
-
cpe:2.3:a:openstack:barbican:12.0.1
-
cpe:2.3:a:openstack:barbican:13.0.0
-
cpe:2.3:a:openstack:barbican:2.0.0
-
cpe:2.3:a:openstack:barbican:3.0.0
-
cpe:2.3:a:openstack:barbican:4.0.0
-
cpe:2.3:a:openstack:barbican:5.0.0
-
cpe:2.3:a:openstack:barbican:5.0.0.0b1
-
cpe:2.3:a:openstack:barbican:5.0.0.0b2
-
cpe:2.3:a:openstack:barbican:5.0.0.0b3
-
cpe:2.3:a:openstack:barbican:5.0.0.0rc1
-
cpe:2.3:a:openstack:barbican:5.0.1
-
cpe:2.3:a:openstack:barbican:6.0.0
-
cpe:2.3:a:openstack:barbican:6.0.1
-
cpe:2.3:a:openstack:barbican:7.0.0
-
cpe:2.3:a:openstack:barbican:8.0.0
-
cpe:2.3:a:openstack:barbican:8.0.1
-
cpe:2.3:a:openstack:barbican:9.0.0
-
cpe:2.3:a:openstack:barbican:9.0.1
-
cpe:2.3:a:redhat:openstack_platform:16.1