CVE-2022-23452: 
Python vulnerability analysis and mitigation

An authorization flaw (CVE-2022-23452) was discovered in openstack-barbican, where anyone with an admin role could add secrets to a different project's container. The vulnerability was found in OpenStack Barbican versions up to (excluding) 14.0.0 and Red Hat OpenStack Platform 16.1 (NVD, Red Hat Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H. The issue stems from incorrect authorization handling in the default policy for adding secrets to containers, which allowed users with admin privileges to add secrets owned by their project to containers owned by different projects (Red Hat Bug).

This vulnerability could allow an attacker on the network to consume protected resources and potentially cause a denial of service. The flaw specifically impacts the security boundary between different projects within the OpenStack environment (NVD, Ubuntu Notice).

The vulnerability has been patched in multiple releases. Red Hat has released security updates through RHSA-2022:5114 for OpenStack Platform 16.2 and RHSA-2022:8874 for OpenStack Platform 16.1.9. Ubuntu has also released security updates for versions 21.10, 20.04 LTS, and 18.04 ESM (Red Hat Advisory, Ubuntu Notice).