CVE-2022-23452

Summary

CVE	CVE-2022-23452
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-01 21:15:00 UTC
Updated	2023-02-12 22:15:00 UTC
Description	An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openstack	Barbican	All	All	All	All
Application	Redhat	Openstack Platform	16.1	All	All	All

References

Reference	Source	Link	Tags
StoryBoard	MISC	storyboard.openstack.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
StoryBoard	MISC	storyboard.openstack.org
2025090 – (CVE-2022-23452) CVE-2022-23452 openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project's containers	MISC	bugzilla.redhat.com
review.opendev.org/c/openstack/barbican/+/814200	MISC	review.opendev.org
Bug Access Denied	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

182979 Debian Security Update for barbican (CVE-2022-23452)
198750 Ubuntu Security Notification for Barbican Vulnerabilities (USN-5387-1)
240486 Red Hat Update for OpenStack Platform 16.2 (RHSA-2022:5114)
240985 Red Hat Update for OpenStack Platform 16.1.9 (RHSA-2022:8874)