PT-2022-15997 · Openstack+3 · Openstack-Barbican+3

Pedro Sampaio · Published 2022-01-28 · Updated 2023-02-13 · CVE-2022-23451

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

openstack-barbican (affected versions not specified)

Description

An authorization flaw was found in the default policy rules for the secret metadata API, allowing any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This issue enables an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-23451
GHSA-P2JG-Q8HW-P7GC
RHSA-2022:5114
RHSA-2022:8874
SUSE-SU-2022:1729-1
USN-5387-1

Affected Products

Debian
Linuxmint
Ubuntu
Openstack-Barbican