CVE-2022-23451
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23451
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23451.json
- Aliases
- Related
- Published
- 2022-09-06T18:15:10Z
- Modified
- 2023-11-29T09:26:51.464215Z
- Details
-
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
- References
Affected packages
Git / github.com/openstack/barbican
Affected versions
0.*
0.1.30
0.1.31
0.1.33
0.1.36
0.1.37
0.1.38
0.1.39
0.1.40
0.1.42
0.1.43
0.1.44
0.1.45
0.1.46
0.1.47
0.1.48
0.1.49
0.1.50
0.1.51
0.1.52
0.1.53
0.1.54
0.1.55
0.1.56
0.1.57
0.1.58
0.1.59
0.1.60
0.1.61
0.1.62
0.1.63
0.1.64
0.1.65
1.*
1.0.0
1.0.0.0b1
1.0.0.0b2
1.0.0.0b3
1.0.0.0rc1
1.0.0.0rc2
1.0.0a0
10.*
10.0.0
10.0.0.0rc1
11.*
11.0.0
11.0.0.0rc1
12.*
12.0.0.0rc1
13.*
13.0.0
13.0.0.0rc1
2.*
2.0.0
2.0.0.0b1
2.0.0.0b2
2.0.0.0b3
2.0.0.0rc1
2.0.0.0rc2
2014.*
2014.1
2014.1.b2
2014.1.b3
2014.2
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.0rc3
3.*
3.0.0
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1
4.*
4.0.0
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1
5.*
5.0.0
5.0.0.0b1
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1
6.*
6.0.0
6.0.0.0b1
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1
7.*
7.0.0
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1
8.*
8.0.0
8.0.0.0rc1
9.*
9.0.0
9.0.0.0rc1
Other
ocata-em
rocky-em
victoria-em