Incomplete container isolation
CVE-2023-1636

6MEDIUM

Key Information:

Vendor: Red Hat
Status: Openstack-barbican; Red Hat Openstack Platform 13 (queens); Red Hat Openstack Platform 16.1; Red Hat Openstack Platform 16.2
Vendor: CVE Published:; 24 September 2023

Summary

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

References

https://access.redhat.com/security/cve/CVE-2023-1636

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2181765

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 24, 2023
Vulnerability Reserved
Mar 25, 2023

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank ANSSI and Amossys for reporting this issue.