An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-23451 | Issue Tracking Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2022878 | Issue Tracking Permissions Required |
https://bugzilla.redhat.com/show_bug.cgi?id=2025089 | Issue Tracking Third Party Advisory |
https://review.opendev.org/c/openstack/barbican/+/811236 | Patch Third Party Advisory |
https://storyboard.openstack.org/#%21/story/2009253 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-09-06T17:18:52
Updated: 2022-09-06T17:18:52
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23451
JSON object: View
NVD Information
Status : Modified
Published: 2022-09-06T18:15:10.640
Modified: 2023-02-12T22:15:24.587
Link: CVE-2022-23451
JSON object: View
Redhat Information
No data.
CWE