CVE-2023-1636

Published: Sep 24, 2023Modified: Nov 21, 2024

5.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.1 / Impact: 1.4

Source: NVD

Description

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

Affected (4)

Products: Openstack: Barbican · Redhat: Openstack Platform

1 product

1 product

Openstack Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Barbican	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 16.1
Redhat Openstack Platform	Version 16.2
Redhat Openstack Platform	Version 17.0

Related CWEs

Improper Isolation or Compartmentalization

The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.

References (4)

https://access.redhat.com/security/cve/CVE-2023-1636

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2023-1636

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.