CVE-2022-23451

Sažetak

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Reference

https://review.opendev.org/c/openstack/barbican/+/811236
https://bugzilla.redhat.com/show_bug.cgi?id=2025089
https://access.redhat.com/security/cve/CVE-2022-23451
https://bugzilla.redhat.com/show_bug.cgi?id=2022878
https://storyboard.openstack.org/#%21/story/2009253

CVSS

Base:	8.1
Impact:	5.2
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	-

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Zadnje važnije ažuriranje

12-02-2023 - 22:15

Objavljeno

06-09-2022 - 18:15