Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
OpenStack Barbican credential leak flaw
A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.
Permalink: https://github.com/advisories/GHSA-6qqp-4vm3-359vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 6.6
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Percentage: 0.00042
EPSS Percentile: 0.05089
Identifiers: GHSA-6qqp-4vm3-359v, CVE-2023-1633
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1633
- https://access.redhat.com/security/cve/CVE-2023-1633
- https://bugzilla.redhat.com/show_bug.cgi?id=2181761
- https://github.com/advisories/GHSA-6qqp-4vm3-359v
Affected Packages
pypi:barbican
Dependent packages: 0Dependent repositories: 3
Downloads: 9,094 last month
Affected Version Ranges: <= 16.0.0
No known fixed version
All affected versions: 8.0.0, 8.0.1, 9.0.0, 9.0.1, 10.0.0, 10.1.0, 11.0.0, 12.0.0, 12.0.1, 12.0.2, 13.0.0, 13.0.1, 13.0.2, 14.0.0, 14.0.1, 14.0.2, 15.0.0, 15.0.1, 16.0.0