Showing 1 - 6 of 6

CVE-2022-3100

Status Candidate

Overview

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Debian Security Advisory 5410-1: Posted May 24, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5410-1 - Multiple security issues were discovered in Sofia-SIP, a SIP User-Agent library, which could result in denial of service.; tags | advisory, denial of service; systems | linux, debian; advisories | CVE-2022-31001, CVE-2022-31002, CVE-2022-31003, CVE-2022-47516, CVE-2023-22741; SHA-256 | 6a5c35f944423c00333235bd7622abb351551dfe6fbfabc5d70316bb8466189a; Download | Favorite | View

Ubuntu Security Notice USN-5932-1: Posted Mar 8, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5932-1 - It was discovered that Sofia-SIP incorrectly handled specially crafted SDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Sofia-SIP incorrectly handled specially crafted UDP packets. A remote attacker could use this issue to cause applications using Sofia-SIP to crash, leading to a denial of service.; tags | advisory, remote, denial of service, arbitrary, udp; systems | linux, ubuntu; advisories | CVE-2022-31001, CVE-2022-47516, CVE-2023-22741; SHA-256 | 7fcdbca75479d00e4f58e8474b85f25f0d70fe1f118dd58c12c7fa68df320f0f; Download | Favorite | View

Gentoo Linux Security Advisory 202210-18: Posted Oct 31, 2022; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202210-18 - Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which could result in remote code execution. Versions less than 1.13.8 are affected.; tags | advisory, remote, vulnerability, code execution; systems | linux, gentoo; advisories | CVE-2022-31001, CVE-2022-31002, CVE-2022-31003; SHA-256 | 8bc389d5e7b24cae8c152e3973119a3707e4b35a90b3c1f644ab3b687d387291; Download | Favorite | View

Ubuntu Security Notice USN-5697-1: Posted Oct 26, 2022; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5697-1 - Douglas Mendizabal discovered that Barbican incorrectly handled certain query strings. A remote attacker could possibly use this issue to bypass the access policy.; tags | advisory, remote; systems | linux, ubuntu; advisories | CVE-2022-3100; SHA-256 | a2026e650fef41d9d465475e5a5bb947b78a248023fcbbba00bb8183eb1a67ac; Download | Favorite | View

Debian Security Advisory 5247-1: Posted Oct 17, 2022; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5247-1 - Douglas Mendizabal discovered that Barbican, the OpenStack Key Management Service, incorrectly parsed requests which could allow an authenticated user to bypass Barbican access policies.; tags | advisory; systems | linux, debian; advisories | CVE-2022-3100; SHA-256 | 0d413d1d6f6432591be3a3d48216c92d4d62cd19a834ad7625f9ff5c141970bf; Download | Favorite | View

Red Hat Security Advisory 2022-6750-01: Posted Sep 30, 2022; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2022-6750-01 - Barbican is a ReST API designed for the secure storage, provisioning and management of secrets, including in OpenStack environments. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat; advisories | CVE-2022-3100; SHA-256 | 5344e5217e226027bd6020f87c92f572ebb799b817358a5b04b19b7e17fae74d; Download | Favorite | View

Page 1 of 1 Back 1 Next