CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:barbican:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*

History

21 Nov 2024, 06:48

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2022-23451 - Issue Tracking, Third Party Advisory () https://access.redhat.com/security/cve/CVE-2022-23451 - Issue Tracking, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2022878 - Issue Tracking, Permissions Required () https://bugzilla.redhat.com/show_bug.cgi?id=2022878 - Issue Tracking, Permissions Required
References () https://bugzilla.redhat.com/show_bug.cgi?id=2025089 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2025089 - Issue Tracking, Third Party Advisory
References () https://review.opendev.org/c/openstack/barbican/+/811236 - Patch, Third Party Advisory () https://review.opendev.org/c/openstack/barbican/+/811236 - Patch, Third Party Advisory
References () https://storyboard.openstack.org/#%21/story/2009253 - () https://storyboard.openstack.org/#%21/story/2009253 -

Information

Published : 2022-09-06 18:15

Updated : 2024-11-21 06:48


NVD link : CVE-2022-23451

Mitre link : CVE-2022-23451

CVE.ORG link : CVE-2022-23451


JSON object : View

Products Affected

redhat

  • openstack_platform

openstack

  • barbican
CWE
CWE-863

Incorrect Authorization