[Debian] Medium CVE: CVE-2022-3100: barbican: an access policy bypass via a query string

Bug #2021469 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: Medium
Assigned to: ZhangXiao

Bug Description

CVE-2022-3100: https://nvd.nist.gov/vuln/detail/CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Base Score: Medium

References:

https://www.debian.org/security/2022/dsa-5247

https://security-tracker.debian.org/tracker/CVE-2022-3100

barbican_1:11.0.0-3+deb11u1

barbican is a source package in the upstream repository.

Changed in starlingx:
assignee: nobody → ZhangXiao (zhangxiao-windriver)
Ghada Khalil (gkhalil) wrote :
Changed in starlingx:
status: Triaged → Fix Released