Barbican
CVE-2023-1636
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
AnalysisAI
A vulnerability was found in OpenStack Barbican containers. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-653. A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. Affected products include: Openstack Barbican, Redhat Openstack Platform.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An authorization flaw was found in openstack-barbican. Rated high severity (CVSS 8.1), this vulnerability is remotely ex
A credentials leak flaw was found in OpenStack Barbican. Rated medium severity (CVSS 5.5), this vulnerability is low att
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different
Same weakness CWE-653 – Improper Isolation or Compartmentalization
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today