CVE-2022-23451
Publication date 28 January 2022
Last updated 18 August 2025
Ubuntu priority
Description
An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| barbican | 25.10 questing |
Not affected
|
| 25.04 plucky |
Not affected
|
|
| 24.04 LTS noble |
Not affected
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 1:10.1.0-0ubuntu2.1
|
|
| 18.04 LTS bionic |
Fixed 1:6.0.1-0ubuntu1.1
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Patch details
| Package | Patch details |
|---|---|
| barbican |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.1 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-5387-1
- Barbican vulnerabilities
- 25 April 2022