CVE-2022-23451

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23451

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23451.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-23451

Aliases

GHSA-p2jg-q8hw-p7gc

Related

Published

2022-09-06T18:15:10Z

Modified

2024-09-11T04:42:16.342178Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

References

Affected packages

Debian:11 / barbican

Package

Name: barbican
Purl: pkg:deb/debian/barbican?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1:11.*

1:11.0.0-3

1:11.0.0-3+deb11u1

1:12.*

1:12.0.0~rc1-1

1:12.0.0-1

1:12.0.0-2

1:12.0.0-3

1:13.*

1:13.0.0~rc1-1

1:13.0.0~rc1-2

1:13.0.0-1

1:14.*

1:14.0.0~rc1-1

1:14.0.0~rc1-2

1:14.0.0-1

1:14.0.0-2

1:14.0.0-3

1:15.*

1:15.0.0~rc1-1

1:15.0.0~rc3-1

1:15.0.0-1

1:15.0.0-1.1

1:15.0.1-1

1:15.0.1-2

1:16.*

1:16.0.0~rc1-1

1:16.0.0-1

1:16.0.0-2

1:16.0.0-3

1:16.0.0-4

1:17.*

1:17.0.0~rc1-1

1:17.0.0-1

1:17.0.0-2

1:17.0.0-3

1:18.*

1:18.0.0~rc1-1

1:18.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / barbican

Package

Name: barbican
Purl: pkg:deb/debian/barbican?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:14.0.0~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / barbican

Package

Name: barbican
Purl: pkg:deb/debian/barbican?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:14.0.0~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/barbican

Affected ranges

Type: GIT
Repo: https://github.com/openstack/barbican
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ffea7f79c9d4d1c37ecce44bc424eaff9704bdaa

Affected versions

0.*

0.1.30

0.1.31

0.1.33

0.1.36

0.1.37

0.1.38

0.1.39

0.1.40

0.1.42

0.1.43

0.1.44

0.1.45

0.1.46

0.1.47

0.1.48

0.1.49

0.1.50

0.1.51

0.1.52

0.1.53

0.1.54

0.1.55

0.1.56

0.1.57

0.1.58

0.1.59

0.1.60

0.1.61

0.1.62

0.1.63

0.1.64

0.1.65

1.*

1.0.0

1.0.0.0b1

1.0.0.0b2

1.0.0.0b3

1.0.0.0rc1

1.0.0.0rc2

1.0.0a0

10.*

10.0.0

10.0.0.0rc1

11.*

11.0.0

11.0.0.0rc1

12.*

12.0.0.0rc1

13.*

13.0.0

13.0.0.0rc1

2.*

2.0.0

2.0.0.0b1

2.0.0.0b2

2.0.0.0b3

2.0.0.0rc1

2.0.0.0rc2

2014.*

2014.1

2014.1.b2

2014.1.b3

2014.2

2014.2.b2

2014.2.b3

2014.2.rc1

2015.*

2015.1.0

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

2015.1.0rc2

2015.1.0rc3

3.*

3.0.0

3.0.0.0b2

3.0.0.0b3

3.0.0.0rc1

4.*

4.0.0

4.0.0.0b2

4.0.0.0b3

4.0.0.0rc1

5.*

5.0.0

5.0.0.0b1

5.0.0.0b2

5.0.0.0b3

5.0.0.0rc1

6.*

6.0.0

6.0.0.0b1

6.0.0.0b2

6.0.0.0b3

6.0.0.0rc1

7.*

7.0.0

7.0.0.0b1

7.0.0.0b2

7.0.0.0b3

7.0.0.0rc1

8.*

8.0.0

8.0.0.0rc1

9.*

9.0.0

9.0.0.0rc1

Other

ocata-em

rocky-em

victoria-em