Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "barbican-api", "binary_version": "1:6.0.1-0ubuntu1.2" }, { "binary_name": "barbican-common", "binary_version": "1:6.0.1-0ubuntu1.2" }, { "binary_name": "barbican-doc", "binary_version": "1:6.0.1-0ubuntu1.2" }, { "binary_name": "barbican-keystone-listener", "binary_version": "1:6.0.1-0ubuntu1.2" }, { "binary_name": "barbican-worker", "binary_version": "1:6.0.1-0ubuntu1.2" }, { "binary_name": "python-barbican", "binary_version": "1:6.0.1-0ubuntu1.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "barbican-api", "binary_version": "1:10.1.0-0ubuntu2.2" }, { "binary_name": "barbican-common", "binary_version": "1:10.1.0-0ubuntu2.2" }, { "binary_name": "barbican-doc", "binary_version": "1:10.1.0-0ubuntu2.2" }, { "binary_name": "barbican-keystone-listener", "binary_version": "1:10.1.0-0ubuntu2.2" }, { "binary_name": "barbican-worker", "binary_version": "1:10.1.0-0ubuntu2.2" }, { "binary_name": "python3-barbican", "binary_version": "1:10.1.0-0ubuntu2.2" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "barbican-api", "binary_version": "2:14.0.0-0ubuntu1.1" }, { "binary_name": "barbican-common", "binary_version": "2:14.0.0-0ubuntu1.1" }, { "binary_name": "barbican-doc", "binary_version": "2:14.0.0-0ubuntu1.1" }, { "binary_name": "barbican-keystone-listener", "binary_version": "2:14.0.0-0ubuntu1.1" }, { "binary_name": "barbican-worker", "binary_version": "2:14.0.0-0ubuntu1.1" }, { "binary_name": "python3-barbican", "binary_version": "2:14.0.0-0ubuntu1.1" } ] }