SB2022042573 - Ubuntu update for barbican

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022042573

SB2022042573 - Ubuntu update for barbican

Published: April 25, 2022

Security Bulletin ID SB2022042573
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper Authorization (CVE-ID: CVE-2022-23451)

The vulnerability allows a remote user to perform unauthorized actions within the application.

The vulnerability exists due to improper authorization checks. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data, causing a denial of service by consuming protected resources.


2) Improper Authorization (CVE-ID: CVE-2022-23452)

The vulnerability allows a remote user to perform unauthorized actions within the application.

The vulnerability exists due to missing authorization checks. A remote user with admin role can add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.


Remediation

Install update from vendor's website.

References