An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "barbican-doc": "1:6.0.1-0ubuntu1.1", "barbican-api": "1:6.0.1-0ubuntu1.1", "barbican-common": "1:6.0.1-0ubuntu1.1", "barbican-keystone-listener": "1:6.0.1-0ubuntu1.1", "barbican-worker": "1:6.0.1-0ubuntu1.1", "python-barbican": "1:6.0.1-0ubuntu1.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "barbican-api": "1:10.1.0-0ubuntu2.1", "barbican-worker": "1:10.1.0-0ubuntu2.1", "barbican-common": "1:10.1.0-0ubuntu2.1", "barbican-keystone-listener": "1:10.1.0-0ubuntu2.1", "python3-barbican": "1:10.1.0-0ubuntu2.1", "barbican-doc": "1:10.1.0-0ubuntu2.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "barbican-api": "2:14.0.0-0ubuntu1", "barbican-worker": "2:14.0.0-0ubuntu1", "barbican-common": "2:14.0.0-0ubuntu1", "barbican-keystone-listener": "2:14.0.0-0ubuntu1", "python3-barbican": "2:14.0.0-0ubuntu1", "barbican-doc": "2:14.0.0-0ubuntu1" } ] }