CVE-2022-3100

Published: Jan 18, 2023Modified: Apr 3, 2025

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Exploitability: 1.6 / Impact: 4.2

Source: NVD

Description

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Affected (9)

Products: Openstack: Barbican · Redhat: Openstack, Openstack For Ibm Power, Openstack Platform

1 product

3 products

Openstack For Ibm Power

Openstack Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Barbican	All versions

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 13
Redhat Openstack	Version 16.1
Redhat Openstack	Version 16.2
Redhat Openstack	Version 17
Redhat Openstack For Ibm Power	Version 13
Redhat Openstack For Ibm Power	Version 16.1
Redhat Openstack For Ibm Power	Version 16.2

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 13.0

Running on/with	Platform Versions
Redhat Enterprise Linux Eus	Version 7.6

Related CWEs

Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References (2)

https://access.redhat.com/security/cve/CVE-2022-3100

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2022-3100

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.