GCVE - cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:barbican:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor	Openstack (`7b0cf974-b2b5-592e-bdf4-6953805ef02a`)
Product	Barbican (`2cf4f342-4f49-5e87-920e-f7b76c8776fe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/barbican`	purl2cpe	2026-06-01 10:17:02.570834
`pkg:deb/ubuntu/barbican`	purl2cpe	2026-06-01 10:17:02.570837
`pkg:github/openstack/barbican`	purl2cpe	2026-06-01 10:17:02.570840
`pkg:pypi/barbican`	purl2cpe	2026-06-01 10:17:02.570842
`pkg:rpm/opensuse/openstack-barbican`	purl2cpe	2026-06-01 10:17:02.570845

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-1636`	vulnerable	2026-06-03 14:48:56.011216	Incomplete container isolation MEDIUM (6) A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. Published: 2023-09-24T00:09:03.770Z Updated: 2024-09-24T15:00:07.823Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2023-1636 https://bugzilla.redhat.com/show_bug.cgi?id=2181765	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-1633`	vulnerable	2026-06-03 14:48:56.007216	Insecure barbican configuration file leaking credential MEDIUM (6.6) A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. Published: 2023-09-24T00:09:50.215Z Updated: 2024-09-24T15:00:33.599Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2023-1633 https://bugzilla.redhat.com/show_bug.cgi?id=2181761	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3100`	vulnerable	2026-06-03 14:47:52.231880	Details available A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. Published: 2023-01-18T00:00:00.000Z Updated: 2025-04-03T19:26:10.275Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2022-3100	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.