What is CVE-2022-23451?

CVE-2022-23451 is a high-severity vulnerability in Openstack Barbican, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2022-09-06.

How severe is CVE-2022-23451?

High severity. CVSS v3 base score is 8.1 out of 10.

Is CVE-2022-23451 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Openstack Barbican

CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an atta…

Vulnerability class: Broken Access Control

EPSS: 0.010 (57.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H.

Affected products

Openstack Barbican
Redhat Openstack_platform — versions 13.0, 16.1, 16.2
N/a Openstack/barbican — versions Fixed in v14.0.0

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Permissions Required, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (x_refsource_MISC)
secalert@redhat.com (Patch, Third Party Advisory, x_refsource_MISC)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)

Frequently asked questions

What is CVE-2022-23451?: CVE-2022-23451 is a high-severity vulnerability in Openstack Barbican, classified under Incorrect Authorization. CVSS score: 8.1/10. Published 2022-09-06.
How severe is CVE-2022-23451?: High severity. CVSS v3 base score is 8.1 out of 10.
Is CVE-2022-23451 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.