CVE-2022-3100

Medium

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

redhat·CWE-305·Published 2023-01-18

CVSS

5.9

EPSS

0.00

KEV

Exploits

cve.orgen

138 chars

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

NVDen

138 chars

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Se encontró una falla en el componente openstack-barbican. Este problema permite omitir la política de acceso a través de una cadena de consulta al acceder a la API.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Primary	NVD	5.9	1.6	4.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Primary	cve.org	5.9	—	—	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
3.1	Secondary	NVD	5.9	1.6	4.2	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N