CVE-2023-1636

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

Published: Sep 24, 2023
Updated: May 9, 2024
CVE: CVE-2023-1636
GHSA: GHSA-6rx9-c2rh-3qv4
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
barbican	-	16.0.0.x
redhat / openstack_platform	16.1	16.1.x
redhat / openstack_platform	16.2	16.2.x
redhat / openstack_platform	17.0	17.0.x

https://access.redhat.com/security/cve/CVE-2023-1636
https://bugzilla.redhat.com/show_bug.cgi?id=2181765

Vulnerability Database

289,598

CVE-2023-1636