barbican

PyPI4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting barbicanpage 1 of 1

CVE-2022-23451HIGHCVSS 8.1EG 8.1✓ Fixed in 14.0.0
2022-09-06
vulnerable: 0 ... 9.0.1 (23 versions)
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an atta…
CVE-2022-23452MEDIUMCVSS 4.9EG 4.9✓ Fixed in 14.0.0
2022-09-01
vulnerable: 0 ... 9.0.1 (23 versions)
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of ser…
CVE-2023-1633MEDIUMCVSS 6.6EG 6.6
2023-09-24
vulnerable: 0 ... 9.0.1 (33 versions)
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
CVE-2023-1636MEDIUMCVSS 6.0EG 6.0
2023-09-24
vulnerable: 0 ... 9.0.1 (33 versions)
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host sys…

Check whether barbican is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for barbican CVEs against the assets you own.

Start Free Scan →