CVE-2022-23451

Source
https://cve.org/CVERecord?id=CVE-2022-23451
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23451.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23451
Aliases
Downstream
Related
Published
2022-09-06T18:15:10.640Z
Modified
2026-01-31T01:40:00.170023Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
[none]
Details

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

References

Affected packages

Git / github.com/openstack/barbican

Affected ranges

Type
GIT
Repo
https://github.com/openstack/barbican
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*
0.1.30
0.1.31
0.1.33
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.42
0.1.43
0.1.44
0.1.45
0.1.46
0.1.47
0.1.48
0.1.49
0.1.50
0.1.51
0.1.52
0.1.53
0.1.54
0.1.55
0.1.56
0.1.57
0.1.58
0.1.59
0.1.60
0.1.61
0.1.62
0.1.63
0.1.64
0.1.65
1.*
1.0.0
1.0.0.0b1
1.0.0.0b2
1.0.0.0b3
1.0.0.0rc1
1.0.0.0rc2
1.0.0a0
10.*
10.0.0
10.0.0.0rc1
11.*
11.0.0
11.0.0.0rc1
12.*
12.0.0.0rc1
13.*
13.0.0
13.0.0.0rc1
2.*
2.0.0
2.0.0.0b1
2.0.0.0b2
2.0.0.0b3
2.0.0.0rc1
2.0.0.0rc2
2014.*
2014.1
2014.1.b2
2014.1.b3
2014.2
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.0rc3
3.*
3.0.0
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1
4.*
4.0.0
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1
5.*
5.0.0
5.0.0.0b1
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1
6.*
6.0.0
6.0.0.0b1
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1
7.*
7.0.0
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1
8.*
8.0.0
8.0.0.0rc1
9.*
9.0.0
9.0.0.0rc1
Other
ocata-em
rocky-em
victoria-em

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23451.json"