Openstack Barbican
5 CVEs affecting Openstack Barbican. Latest disclosed: 2023-09-24. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-23451 | High | 8.1 | 2022-09-06 | An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or d… |
CVE-2023-1633 | Medium | 6.6 | 2023-09-24 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sens… |
CVE-2023-1636 | Medium | 6.0 | 2023-09-24 | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barb… |
CVE-2022-3100 | Medium | 5.9 | 2023-01-18 | A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. |
CVE-2022-23452 | Medium | 4.9 | 2022-09-01 | An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an… |