Insecure barbican configuration file leaking credential
CVE-2023-1633

6.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Openstack-barbican; Red Hat Openstack Platform 13 (queens); Red Hat Openstack Platform 16.1; Red Hat Openstack Platform 16.2
Vendor: CVE Published:; 24 September 2023

Summary

A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.

References

https://access.redhat.com/security/cve/CVE-2023-1633

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2181761

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 24, 2023
Vulnerability Reserved
Mar 25, 2023

Collectors

NVD DatabaseMitre Database

Credit

This issue was discovered by Ade Lee (Red Hat) and Grzegorz Grasza (Red Hat).