CVE-2023-1633

Summary

CVE	CVE-2023-1633
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-24 01:15:00 UTC
Updated	2023-11-07 04:04:00 UTC
Description	A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

Risk And Classification

Problem Types: CWE-522

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Openstack	Barbican	-	All	All	All
Application	Redhat	Openstack Platform	16.1	All	All	All
Application	Redhat	Openstack Platform	16.2	All	All	All
Application	Redhat	Openstack Platform	17.0	All	All	All

References

Reference	Source	Link	Tags
cve-details	MISC	access.redhat.com
2181761 – (CVE-2023-1633) CVE-2023-1633 openstack-barbican: Insecure Barbican configuration file leaking credential	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

242348 Red Hat Update for OpenStack Platform 16.2 (RHSA-2023:6231)
995406 Python (Pip) Security Update for barbican (GHSA-6qqp-4vm3-359v)