CVE-2022-23451
Published: Sep 6, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
| Vendor | Product | Versions |
|---|---|---|
| n/a | openstack/barbican | affected; fixed in v14.0.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=2025089
x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2022878
x_refsource_MISC
https://storyboard.openstack.org/#%21/story/2009253
x_refsource_MISC
https://review.opendev.org/c/openstack/barbican/+/811236
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-23451
x_refsource_MISC