CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:barbican:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-06 18:15

Updated : 2024-02-28 19:29


NVD link : CVE-2022-23451

Mitre link : CVE-2022-23451

CVE.ORG link : CVE-2022-23451


JSON object : View

Products Affected

redhat

  • openstack_platform

openstack

  • barbican
CWE
CWE-863

Incorrect Authorization