First published: Sat Mar 25 2023
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
OpenStack Barbican | | |
Red Hat OpenStack Platform | =16.1 | |
Red Hat OpenStack Platform | =16.2 | |
Red Hat OpenStack Platform | =17.0 | |
The vulnerability ID for this OpenStack Barbican vulnerability is CVE-2023-1636.
The severity of CVE-2023-1636 is medium (6 out of 10).
Versions up to and including 16.0.0 of OpenStack Barbican are affected by CVE-2023-1636.
The vulnerability CVE-2023-1636 is exploited when an attacker compromises any service within the same CGROUP, USER, and NET namespace as the Barbican containers.
References for CVE-2023-1636: [link1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2188735), [link2](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2181765#c0), [link3](https://access.redhat.com/security/cve/CVE-2023-1636).
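
A check for the condition described above, as an added example (not Red Hat's or the OpenStack project's code): it compares the cgroup, user and net namespace identifiers of container processes with those of the host's PID 1 and reports which are shared. The process labels and inode numbers are constructed sample data, and `read_namespaces`, `shared_with_host` and `audit` are hypothetical helper names.

```python
import os

# Namespace kinds the advisory says Barbican shares with the host.
ADVISORY_NAMESPACES = ("cgroup", "user", "net")

def read_namespaces(pid, proc_root="/proc"):
    """Return {kind: 'kind:[inode]'} for a PID; None where the link is unreadable."""
    found = {}
    for kind in ADVISORY_NAMESPACES:
        try:
            found[kind] = os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
        except OSError:  # process gone, or insufficient privilege
            found[kind] = None
    return found

def shared_with_host(host_ns, proc_ns):
    """Split the namespace kinds into (shared with host, could not be determined)."""
    shared, unknown = [], []
    for kind in ADVISORY_NAMESPACES:
        host_id, proc_id = host_ns.get(kind), proc_ns.get(kind)
        if host_id is None or proc_id is None:
            unknown.append(kind)  # never report an unreadable entry as isolated
        elif host_id == proc_id:
            shared.append(kind)
    return shared, unknown

def audit(host_ns, processes):
    """Map each process label to its findings; fully isolated processes are omitted."""
    findings = {}
    for label, proc_ns in processes.items():
        shared, unknown = shared_with_host(host_ns, proc_ns)
        if shared or unknown:
            findings[label] = {"shared": shared, "unknown": unknown}
    return findings

# Constructed sample data: inode numbers and process labels are illustrative only.
SAMPLE_HOST = {"cgroup": "cgroup:[4026531835]", "user": "user:[4026531837]",
               "net": "net:[4026531992]"}
SAMPLE_PROCESSES = {
    "barbican-api (all-in-one)": dict(SAMPLE_HOST),
    "isolated-service": {"cgroup": "cgroup:[4026532501]", "user": "user:[4026532499]",
                         "net": "net:[4026532504]"},
    "partly-isolated": {"cgroup": None, "user": "user:[4026531837]",
                        "net": "net:[4026532610]"},
}

if __name__ == "__main__":
    for label, result in audit(SAMPLE_HOST, SAMPLE_PROCESSES).items():
        print(f"{label}: shared={result['shared']} unknown={result['unknown']}")
```

On a live host, `audit(read_namespaces(1), {"name": read_namespaces(pid)})` runs the same comparison against `/proc`; reading another user's `/proc/<pid>/ns` links typically requires root.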