CVE-2023-1636

CVE Database · CVE-2023-1636

CVE-2023-1636

· MEDIUMModified

CVSS v3.1

6.0

EPSS

0.48%

Published

Sep 23, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Weaknesses (CWE)

CWE-653

Affected Products (4)

openstack · barbicanvulnerable

redhat · openstack_platformvulnerable

References (4)

https://access.redhat.com/security/cve/CVE-2023-1636

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Issue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2023-1636

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Issue TrackingThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs