Unrated severityNVD Advisory· Published Jan 18, 2023· Updated Apr 3, 2025

CVE-2022-3100

Description

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

Affected products

openstack/openstack-barbicandescription
osv-coords24 versions
pkg:rpm/suse/openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-barbican-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/spark&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209
< 5.0.2~dev3-3.17.2+ 23 more
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 7.0.1~dev24-3.17.1
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 7.0.1~dev24-3.17.1
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 5.0.2~dev3-3.17.2
- (no CPE)range: < 14.0.1~dev5-3.12.1
- (no CPE)range: < 14.0.1~dev5-3.12.1
- (no CPE)range: < 14.0.1~dev6-3.15.1
- (no CPE)range: < 14.0.1~dev6-3.15.1
- (no CPE)range: < 13.0.8~dev209-3.43.1
- (no CPE)range: < 13.0.8~dev209-3.43.1
- (no CPE)range: < 14.0.1~dev52-3.37.1
- (no CPE)range: < 14.0.1~dev52-3.37.1
- (no CPE)range: < 2.2.3-5.12.1
- (no CPE)range: < 2.2.3-5.12.1
- (no CPE)range: < 5.0.2~dev3-12.43.2
- (no CPE)range: < 5.0.2~dev3-12.43.2
- (no CPE)range: < 7.0.1~dev24-3.37.1
- (no CPE)range: < 14.1.1~dev11-4.43.1
- (no CPE)range: < 13.0.8~dev209-6.43.1
- (no CPE)range: < 18.3.1~dev92-3.43.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

access.redhat.com/security/cve/CVE-2022-3100mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000