{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1633", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-03-25T17:59:57.293Z", "datePublished": "2023-09-24T00:09:50.215Z", "dateUpdated": "2024-08-02T05:57:24.844Z"}, "containers": {"cna": {"title": "Insecure barbican configuration file leaking credential", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."}], "affected": [{"product": "openstack-barbican", "vendor": "n/a", "defaultStatus": "affected"}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 13 (Queens)", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-barbican", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:openstack:13"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.1", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-barbican", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 16.2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-barbican", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:16.2"]}, {"vendor": "Red Hat", "product": "Red Hat OpenStack Platform 17.0", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openstack-barbican", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openstack:17.0"]}, {"product": "OpenStack RDO", "vendor": "RDO", "collectionURL": "https://repos.fedorapeople.org/repos/openstack/", "packageName": "openstack-barbican", "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-1633", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761", "name": "RHBZ#2181761", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2023-04-21T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "timeline": [{"lang": "en", "time": "2023-03-25T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-04-21T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-24T00:09:50.215Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:57:24.844Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-1633", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761", "name": "RHBZ#2181761", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*", "matchCriteriaId": "596EFC6C-4D91-4EDF-9EC6-1C58EB485C5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "F7076B1E-0529-43CC-828B-45C2ED11F9F6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."}, {"lang": "es", "value": "Se encontr\u00f3 una falla de fuga de credenciales en OpenStack Barbican. Esta falla permite que un atacante autenticado local lea el archivo de configuraci\u00f3n y obtenga acceso a credenciales sensibles."}], "id": "CVE-2023-1633", "lastModified": "2023-11-07T04:04:24.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2023-09-24T01:15:43.760", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-1633"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat).", "affected_release": [{"advisory": "RHSA-2023:6231", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "openstack-barbican-0:9.0.2-2.20230515185056.1cd585c.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-11-08T00:00:00Z"}], "bugzilla": {"description": "openstack-barbican: Insecure Barbican configuration file leaking credential", "id": "2181761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2181761"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "status": "verified"}, "cwe": "CWE-200", "details": ["A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.", "A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials."], "name": "CVE-2023-1633", "package_state": [{"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Out of support scope", "package_name": "openstack-barbican", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Will not fix", "package_name": "openstack-barbican", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Out of support scope", "package_name": "openstack-barbican", "product_name": "Red Hat OpenStack Platform 17.0"}], "public_date": "2023-04-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-1633\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1633"], "threat_severity": "Moderate"}