
CVE-2022-23452: openstack-barbican Denial of Service vulnerability

CVSS Score: 4.9 (CVSS v3.1)

Basic Information

EPSS Score: 0.21519%
Published: 9/2/2022
Updated: 5/14/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Package Name: barbican
Ecosystem: pip
Vulnerable Versions: < 14.0.0
First Patched Version: 14.0.0

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from an incomplete authorization check when a secret is associated with a container. The handler confirms that the caller holds the admin role but does not confirm that the target container belongs to the caller's project, so an admin in one project can add secrets to a container owned by a different project (CWE-863, Incorrect Authorization). The ContainersController.post method is the logical entry point for adding secrets to containers and is therefore the most likely location of the missing check. In OpenStack services, authorization flaws of this kind typically arise in API endpoint handlers where policy enforcement is absent, or checks only the caller's role and not ownership of the resource being modified. The CVSS vector matches this reading: PR:H because the admin role is required, and C:N/I:N/A:H because the effect is consumption of the victim project's protected resources (a denial of service) rather than disclosure or tampering. The confidence in this mapping comes from the direct correspondence between the described behaviour (admin role bypassing project boundaries when adding secrets) and this controller's responsibility for managing container-secret relationships.
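The pattern described above, as an added illustration that is not Barbican's own code: a constructed toy model in which a container is owned by a project and has a per-container secret quota standing in for the "protected resource". The names (RequestContext, Container, add_secret_vulnerable, add_secret_fixed, simulate) and the quota of three secrets are assumptions of this example. The vulnerable handler authorises on role alone; the hardened handler also requires the container to belong to the caller's project, which is the check CWE-863 says is missing.

```python
# Added illustration of the CVE-2022-23452 pattern, not Barbican's own code.
# Constructed toy model: a container is owned by a project and has a per-container
# secret quota (the "protected resource"). The vulnerable handler authorises on
# role only; the hardened handler also scopes the container to the caller's project.
from dataclasses import dataclass, field


@dataclass
class RequestContext:
    project_id: str
    roles: frozenset


@dataclass
class Container:
    container_id: str
    project_id: str
    secret_refs: list = field(default_factory=list)
    max_secrets: int = 3  # assumed quota for this example; Barbican configures limits separately


class Forbidden(Exception):
    """Policy check failed."""


class QuotaExceeded(Exception):
    """Container already holds max_secrets references."""


def make_containers():
    """Constructed sample data: one container per project."""
    return {
        "cont-a": Container("cont-a", "proj-a"),
        "cont-b": Container("cont-b", "proj-b"),
    }


def _append_secret(container, secret_ref):
    if len(container.secret_refs) >= container.max_secrets:
        raise QuotaExceeded(container.container_id)
    container.secret_refs.append(secret_ref)


def add_secret_vulnerable(ctx, containers, container_id, secret_ref):
    """CWE-863 pattern: the role check passes for any admin, whatever their project."""
    if "admin" not in ctx.roles:
        raise Forbidden("admin role required")
    container = containers[container_id]
    _append_secret(container, secret_ref)
    return container


def add_secret_fixed(ctx, containers, container_id, secret_ref):
    """Hardened: same role check, plus the container must belong to the caller's project."""
    if "admin" not in ctx.roles:
        raise Forbidden("admin role required")
    container = containers[container_id]
    if container.project_id != ctx.project_id:
        raise Forbidden("container belongs to another project")
    _append_secret(container, secret_ref)
    return container


def simulate(handler, attempts=10):
    """An admin in proj-a fills proj-b's container, then proj-b's own admin tries to use it."""
    containers = make_containers()
    attacker = RequestContext(project_id="proj-a", roles=frozenset({"admin"}))
    victim = RequestContext(project_id="proj-b", roles=frozenset({"admin"}))
    attacker_added = 0
    try:
        for i in range(attempts):
            handler(attacker, containers, "cont-b", f"secret-a-{i}")
            attacker_added += 1
    except (Forbidden, QuotaExceeded):
        pass
    try:
        handler(victim, containers, "cont-b", "secret-b-legit")
        victim_can_add = True
    except QuotaExceeded:
        victim_can_add = False
    return {"attacker_added": attacker_added, "victim_can_add": victim_can_add}


if __name__ == "__main__":
    print("vulnerable:", simulate(add_secret_vulnerable))
    print("fixed:     ", simulate(add_secret_fixed))
```

Against the vulnerable handler the cross-project admin fills the victim's container to its quota and the victim's own add then fails, which is the availability impact the advisory describes; against the fixed handler the first cross-project request is rejected and the victim is unaffected. In a real Barbican deployment the project scoping comes from the request context and the policy rules for the container-secret operation, not from an inline comparison like this one.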

WAF Protection Rules

WAF Rule

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project's container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.