PublicDateAtUSN: 2022-01-28 00:00:00 UTC
Candidate: CVE-2022-23451
PublicDate: 2022-01-28 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23451
 https://ubuntu.com/security/notices/USN-5387-1
Description:
 Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://storyboard.openstack.org/#!/story/2009253
 https://bugzilla.redhat.com/show_bug.cgi?id=2025089
Priority: medium
Discovered-by: Douglas Mendizábal
Assigned-to:
CVSS:

Patches_barbican:
 upstream: https://opendev.org/openstack/barbican/commit/7d270bacbe29a90a10f1855abc3b50dac0f08022 (master)
 upstream: https://opendev.org/openstack/barbican/commit/af262dc30c4ec7a8c6df86b67ed202f602296d46 (pt2 - master)
 upstream: https://opendev.org/openstack/barbican/commit/750a79b4f5fbb94b1a1d0f329a0c8a51566b2cae (13.x)
 upstream: https://opendev.org/openstack/barbican/commit/b1e5386fbd714a13bb104c56b4927cf11ccddf9b (pt2 - 13.x)
 upstream: https://opendev.org/openstack/barbican/commit/64a4242454a65df17abc10e13861463a2de71813 (12.x)
 upstream: https://opendev.org/openstack/barbican/commit/b30cb63d3a258ff26e3b9cdc0dab1e604fc6b6d1 (pt2 - 12.x)
 upstream: https://opendev.org/openstack/barbican/commit/86d7d6411075a15cdea742acfa9f6d0ca42c044c (11.x)
 upstream: https://opendev.org/openstack/barbican/commit/32702400655675d30ebe53b2151da77532d56bb1 (10.x)
 upstream: https://opendev.org/openstack/barbican/commit/3acf50a823bd61090d2c102a0cfa509651a8956a (9.x)
upstream_barbican: released (14.0.0)
trusty_barbican: ignored (out of standard support)
xenial_barbican: ignored (out of standard support)
bionic_barbican: released (1:6.0.1-0ubuntu1.1)
focal_barbican: released (1:10.1.0-0ubuntu2.1)
impish_barbican: released (2:13.0.0-0ubuntu1.2)
jammy_barbican: not-affected (2:14.0.0-0ubuntu1)
devel_barbican: not-affected (2:14.0.0-0ubuntu1)