Description
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
References (2)
Core 2
Core References
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-1636
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2181765
Scores
CVSS v3
6.0
EPSS
0.0007
EPSS Percentile
22.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-653
Status
published
Products (5)
openstack/barbican
pypi/barbican
0PyPI
redhat/openstack_platform
16.1
redhat/openstack_platform
16.2
redhat/openstack_platform
17.0
Published
Sep 24, 2023
Tracked Since
Feb 18, 2026