CVE-2022-23451 Information

Description

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret, regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.

Reference

https://review.opendev.org/c/openstack/barbican/+/811236
https://bugzilla.redhat.com/show_bug.cgi?id=2025089
https://access.redhat.com/security/cve/CVE-2022-23451
https://bugzilla.redhat.com/show_bug.cgi?id=2022878
https://storyboard.openstack.org/#!/story/2009253
