CVE-2023-1636

MEDIUM 6.0

Incomplete container isolation

CVSS Score

6.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CWE	CWE-653
Vendor	n/a
Product	openstack-barbican
Published	Sep 24, 2023
Last Updated	Sep 24, 2024

Stay Ahead of the Next One

Get instant alerts for n/a openstack-barbican

Be the first to know when new medium vulnerabilities affecting n/a openstack-barbican are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

Affected Versions

n/a / openstack-barbican

All versions affected

Red Hat / Red Hat OpenStack Platform 13 (Queens)

All versions affected

Red Hat / Red Hat OpenStack Platform 16.1

All versions affected

Red Hat / Red Hat OpenStack Platform 16.2

All versions affected

Red Hat / Red Hat OpenStack Platform 17.0

All versions affected

RDO / OpenStack RDO

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-1636 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Credits

Red Hat would like to thank ANSSI and Amossys for reporting this issue.