CVE-2023-1636

MEDIUM

OpenStack Barbican - Privilege Escalation

Description

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

Scores

CVSS v3 6.0
EPSS 0.0007
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Classification

CWE CWE-653
Status published

Affected Products (5)

openstack/barbican
redhat/openstack_platform
redhat/openstack_platform
redhat/openstack_platform
pypi/barbican PyPI

Timeline

Published Sep 24, 2023
Tracked Since Feb 18, 2026