CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:39

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.0
v2 : unknown
v3 : 6.0
References () https://access.redhat.com/security/cve/CVE-2023-1636 - Third Party Advisory () https://access.redhat.com/security/cve/CVE-2023-1636 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - Issue Tracking, Third Party Advisory

26 Sep 2023, 17:57

Type Values Removed Values Added
First Time Redhat
Openstack
Openstack barbican
Redhat openstack Platform
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.0
CPE cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - Issue Tracking, Third Party Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2023-1636 - (MISC) https://access.redhat.com/security/cve/CVE-2023-1636 - Third Party Advisory

24 Sep 2023, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-24 01:15

Updated : 2024-11-21 07:39


NVD link : CVE-2023-1636

Mitre link : CVE-2023-1636

CVE.ORG link : CVE-2023-1636


JSON object : View

Products Affected

openstack

  • barbican

redhat

  • openstack_platform
CWE
CWE-653

Improper Isolation or Compartmentalization

NVD-CWE-noinfo