OpenStack Barbican Config File Leak allows Authenticated Local Reader
CVE-2023-1633 Published on September 24, 2023

Insecure barbican configuration file leaking credential
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

NVD

Vulnerability Analysis

CVE-2023-1633 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
LOW
Availability Impact:
LOW

Timeline

Reported to Red Hat.

Made public. 27 days later.

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2023-1633 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2023-1633

stack.watch emails you whenever new vulnerabilities are published in OpenStack Barbican or Red Hat Openstack Platform. Just hit a watch button to start following.

OpenStack Barbican
 
Red Hat Openstack Platform
 

Exploit Probability

EPSS
0.02%
Percentile
6.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.