Douglas Mendizábal discovered that Barbican incorrectly handled access restrictions. An authenticated attacker could possibly use this issue to consume protected resources and possibly cause a denial of service. (CVE-2022-23451, CVE-2022-23452)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-api" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-common" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-doc" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-keystone-listener" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "barbican-worker" }, { "binary_version": "1:6.0.1-0ubuntu1.1", "binary_name": "python-barbican" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-api" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-common" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-doc" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-keystone-listener" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "barbican-worker" }, { "binary_version": "1:10.1.0-0ubuntu2.1", "binary_name": "python3-barbican" } ] }