CVE-2023-1636
Summary
| CVE | CVE-2023-1636 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-24 01:15:00 UTC |
| Updated | 2023-11-07 04:04:00 UTC |
| Description | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openstack | Barbican | - | All | All | All |
| Application | Redhat | Openstack Platform | 16.1 | All | All | All |
| Application | Redhat | Openstack Platform | 16.2 | All | All | All |
| Application | Redhat | Openstack Platform | 17.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cve-details | MISC | access.redhat.com | |
| 2181765 – (CVE-2023-1636) CVE-2023-1636 openstack-barbican: incomplete container isolation | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 995404 Python (Pip) Security Update for barbican (GHSA-6rx9-c2rh-3qv4)