A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-1636 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2181765 | Issue Tracking Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2023-1636 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2181765 | Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 07:39
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
References | () https://access.redhat.com/security/cve/CVE-2023-1636 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - Issue Tracking, Third Party Advisory |
26 Sep 2023, 17:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat
Openstack Openstack barbican Redhat openstack Platform |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.0 |
CPE | cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2181765 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-1636 - Third Party Advisory |
24 Sep 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-24 01:15
Updated : 2024-11-21 07:39
NVD link : CVE-2023-1636
Mitre link : CVE-2023-1636
CVE.ORG link : CVE-2023-1636
JSON object : View
Products Affected
openstack
- barbican
redhat
- openstack_platform
CWE