An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Advisories
Source | ID | Title
EUVD | EUVD-2022-6888 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
GitHub GHSA | GHSA-p2jg-q8hw-p7gc | Barbican authorization flaw before v14.0.0
Ubuntu USN | USN-5387-1 | Barbican vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-03T03:43:46.011Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23451

Vulnrichment

No data.

NVD

Status: Modified

Published: 2022-09-06T18:15:10.640

Modified: 2024-11-21T06:48:34.943

Link: CVE-2022-23451

Redhat

Severity: Moderate

Public Date: 2021-12-13T00:00:00Z

Links: CVE-2022-23451 - Bugzilla

OpenCVE Enrichment

No data.