Home > Vulnerability Database > CVE-2022-23451

Mend.io Vulnerability Database

CVE-2022-23451

Good to know:

Date: September 6, 2022

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Language: Python

Severity Score

8.1

Related Resources (11)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2022878

Url: https://access.redhat.com/errata/RHSA-2022:5114

Url: https://access.redhat.com/security/cve/CVE-2022-23451

Url: https://github.com/openstack/barbican/commit/7d270bacbe29a90a10f1855abc3b50dac0f08022

Url: https://github.com/openstack/barbican

Url: https://review.opendev.org/c/openstack/barbican/+/811236

Url: https://bugzilla.redhat.com/show_bug.cgi?id=2025089

Url: https://storyboard.openstack.org/#%21/story/2009253

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23451

Url: https://access.redhat.com/errata/RHSA-2022:8874

Url: https://www.mend.io/vulnerability-database/CVE-2022-23451

Severity Score

8.1

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23451

Good to know:

Date: September 6, 2022

Language: Python

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?