Vulnerability Details : CVE-2023-1636
A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.
Products affected by CVE-2023-1636
- cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack_platform:17.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-1636
- 0.06%: probability of exploitation activity in the next 30 days
- ~27%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-1636
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N | 3.1 | 1.4 | NIST | |
6.0 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L | 1.8 | 3.7 | Red Hat, Inc. | |
References for CVE-2023-1636
- https://bugzilla.redhat.com/show_bug.cgi?id=2181765
  2181765 – (CVE-2023-1636) CVE-2023-1636 openstack-barbican: incomplete container isolation (Issue Tracking; Third Party Advisory)
- https://access.redhat.com/security/cve/CVE-2023-1636
  CVE-2023-1636 - Red Hat Customer Portal (Third Party Advisory)