CVE-2022-23451

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23451
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23451.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-23451
Aliases
Related
Published
2022-09-06T18:15:10Z
Modified
2024-10-12T09:13:49.538812Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

References

Affected packages

Debian:11 / barbican

Package

Name
barbican
Purl
pkg:deb/debian/barbican?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:11.*

1:11.0.0-3
1:11.0.0-3+deb11u1

1:12.*

1:12.0.0~rc1-1
1:12.0.0-1
1:12.0.0-2
1:12.0.0-3

1:13.*

1:13.0.0~rc1-1
1:13.0.0~rc1-2
1:13.0.0-1

1:14.*

1:14.0.0~rc1-1
1:14.0.0~rc1-2
1:14.0.0-1
1:14.0.0-2
1:14.0.0-3

1:15.*

1:15.0.0~rc1-1
1:15.0.0~rc3-1
1:15.0.0-1
1:15.0.0-1.1
1:15.0.1-1
1:15.0.1-2

1:16.*

1:16.0.0~rc1-1
1:16.0.0-1
1:16.0.0-2
1:16.0.0-3
1:16.0.0-4

1:17.*

1:17.0.0~rc1-1
1:17.0.0-1
1:17.0.0-2
1:17.0.0-3

1:18.*

1:18.0.0~rc1-1
1:18.0.0-1

1:19.*

1:19.0.0~rc1-1
1:19.0.0~rc1-2
1:19.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / barbican

Package

Name
barbican
Purl
pkg:deb/debian/barbican?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:14.0.0~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / barbican

Package

Name
barbican
Purl
pkg:deb/debian/barbican?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:14.0.0~rc1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/barbican

Affected ranges

Type
GIT
Repo
https://github.com/openstack/barbican
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.30
0.1.31
0.1.33
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.42
0.1.43
0.1.44
0.1.45
0.1.46
0.1.47
0.1.48
0.1.49
0.1.50
0.1.51
0.1.52
0.1.53
0.1.54
0.1.55
0.1.56
0.1.57
0.1.58
0.1.59
0.1.60
0.1.61
0.1.62
0.1.63
0.1.64
0.1.65

1.*

1.0.0
1.0.0.0b1
1.0.0.0b2
1.0.0.0b3
1.0.0.0rc1
1.0.0.0rc2
1.0.0a0

10.*

10.0.0
10.0.0.0rc1

11.*

11.0.0
11.0.0.0rc1

12.*

12.0.0.0rc1

13.*

13.0.0
13.0.0.0rc1

2.*

2.0.0
2.0.0.0b1
2.0.0.0b2
2.0.0.0b3
2.0.0.0rc1
2.0.0.0rc2

2014.*

2014.1
2014.1.b2
2014.1.b3
2014.2
2014.2.b2
2014.2.b3
2014.2.rc1

2015.*

2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.0rc3

3.*

3.0.0
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1

4.*

4.0.0
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1

5.*

5.0.0
5.0.0.0b1
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1

6.*

6.0.0
6.0.0.0b1
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1

7.*

7.0.0
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1

8.*

8.0.0
8.0.0.0rc1

9.*

9.0.0
9.0.0.0rc1

Other

ocata-em
rocky-em
victoria-em