OpenStack Barbican
By the Year
In 2023 there have been 3 vulnerabilities in OpenStack Barbican with an average score of 5.5 out of ten. Last year Barbican had 2 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2023 as compared to last year. Last year, the average CVE base score was greater by 1.03
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 3 | 5.47 |
| 2022 | 2 | 6.50 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Barbican vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenStack Barbican Security Vulnerabilities
A vulnerability was found in OpenStack Barbican containers
CVE-2023-1636
5 - Medium
- September 24, 2023
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
A credentials leak flaw was found in OpenStack Barbican
CVE-2023-1633
5.5 - Medium
- September 24, 2023
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
Insufficiently Protected Credentials
A flaw was found in the openstack-barbican component
CVE-2022-3100
5.9 - Medium
- January 18, 2023
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
Authentication Bypass by Primary Weakness
An authorization flaw was found in openstack-barbican
CVE-2022-23451
8.1 - High
- September 06, 2022
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
AuthZ
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container
CVE-2022-23452
4.9 - Medium
- September 01, 2022
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Openstack Platform or by OpenStack? Click the Watch button to subscribe.
