PublicDateAtUSN: 2022-01-28 00:00:00 UTC
Candidate: CVE-2022-23452
PublicDate: 2022-01-28 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23452
 https://ubuntu.com/security/notices/USN-5387-1
Description:
 Barbican allows anyone with an admin role to add their secrets to a
 different project's containers
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 https://storyboard.openstack.org/#!/story/2009297
 https://bugzilla.redhat.com/show_bug.cgi?id=2025090
Priority: medium
Discovered-by: Douglas Mendizábal
Assigned-to:
CVSS:

Patches_barbican:
 upstream: https://opendev.org/openstack/barbican/commit/6c841b23afa8ed6fa4cd01ba1a6bebfb60f06ae5 (master)
 upstream: https://opendev.org/openstack/barbican/commit/bbb87ea8d66be300093a66723aef5ed4cf8b6b78 (13.x)
 upstream: https://opendev.org/openstack/barbican/commit/a8226fcf33f16078d92949af23bdf41a7593bb64 (12.x)
 upstream: https://opendev.org/openstack/barbican/commit/7cf500a98239e861f877539827f3be57c920b95c (11.x)
 upstream: https://opendev.org/openstack/barbican/commit/54e342fa7cf15cb77b2bc4b330c5b8fa41678881 (10.x)
 upstream: https://opendev.org/openstack/barbican/commit/ecfef01555b299e3b58392208d1630ed84ca6717 (9.x)
upstream_barbican: released (14.0.0)
trusty_barbican: ignored (out of standard support)
xenial_barbican: ignored (out of standard support)
bionic_barbican: released (1:6.0.1-0ubuntu1.1)
focal_barbican: released (1:10.1.0-0ubuntu2.1)
impish_barbican: released (2:13.0.0-0ubuntu1.2)
jammy_barbican: not-affected (2:14.0.0-0ubuntu1)
devel_barbican: not-affected (2:14.0.0-0ubuntu1)