An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-23451 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2022878 | Issue Tracking Permissions Required |
https://bugzilla.redhat.com/show_bug.cgi?id=2025089 | Issue Tracking Third Party Advisory |
https://review.opendev.org/c/openstack/barbican/+/811236 | Patch Third Party Advisory |
https://storyboard.openstack.org/#%21/story/2009253 |
Configurations
History
No history.
Information
Published : 2022-09-06 18:15
Updated : 2024-02-28 19:29
NVD link : CVE-2022-23451
Mitre link : CVE-2022-23451
CVE.ORG link : CVE-2022-23451
JSON object : View
Products Affected
redhat
- openstack_platform
openstack
- barbican
CWE
CWE-863
Incorrect Authorization