OpenStack Barbican Auth Flaw: Auth Users Modify Secret Metadata
CVE-2022-23451 Published on September 6, 2022
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2022-23451 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2022-23451
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-23451 are published in these products:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.