CVE-2023-1633: 
Python vulnerability analysis and mitigation

A credentials leak flaw (CVE-2023-1633) was discovered in OpenStack Barbican, reported on March 25, 2023. The vulnerability affects the configuration file permissions in Red Hat OpenStack Platform (RHOSP), allowing local authenticated attackers to access sensitive credentials (MITRE CVE, NVD).

The vulnerability stems from a Barbican configuration file being set to world-readable permissions in Red Hat OpenStack. This misconfiguration enables authenticated users with limited access to view the file contents, including secure credentials. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low complexity, and high confidentiality impact (Ubuntu Security).

The primary impact of this vulnerability is the potential exposure of sensitive credentials stored in the Barbican configuration file. When exploited, it could lead to unauthorized access to secure credentials, potentially compromising the security of the OpenStack environment (Red Hat Bugzilla).

Red Hat has addressed this vulnerability in Red Hat OpenStack Platform 16.2 through the security advisory RHSA-2023:6231, released on November 8, 2023 (Red Hat Bugzilla).