An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-api" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-common" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-doc" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-keystone-listener" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-worker" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "python-barbican" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-api" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-common" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-doc" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-keystone-listener" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-worker" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "python3-barbican" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "barbican-api" }, { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "barbican-common" }, { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "barbican-doc" }, { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "barbican-keystone-listener" }, { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "barbican-worker" }, { "binary_version": "2:14.0.0-0ubuntu1", "binary_name": "python3-barbican" } ] }