CVE-2022-23452: openstack-barbican Denial of Service vulnerability
(updated )
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
References
- access.redhat.com/errata/RHSA-2022:5114
- access.redhat.com/errata/RHSA-2022:8874
- access.redhat.com/security/cve/CVE-2022-23452
- bugzilla.redhat.com/show_bug.cgi?id=2022908
- bugzilla.redhat.com/show_bug.cgi?id=2025090
- github.com/advisories/GHSA-6p2h-rjj7-2j63
- github.com/openstack/barbican/commit/6c841b23afa8ed6fa4cd01ba1a6bebfb60f06ae5
- nvd.nist.gov/vuln/detail/CVE-2022-23452
- review.opendev.org/c/openstack/barbican/+/814200
- storyboard.openstack.org/
- storyboard.openstack.org/
Code Behaviors & Features
Detect and mitigate CVE-2022-23452 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →