VYPR
Moderate severityNVD Advisory· Published Sep 24, 2023· Updated Sep 24, 2024

Incomplete container isolation

CVE-2023-1636

Description

A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
barbicanPyPI
<= 16.0.0

Affected products

6
  • Red Hat/Openstackcpe-rescue4 versions
    cpe:/a:redhat:openstack:13+ 3 more
    • cpe:/a:redhat:openstack:13
    • cpe:/a:redhat:openstack:16.1
    • cpe:/a:redhat:openstack:16.2
    • cpe:/a:redhat:openstack:17.0
  • ghsa-coords
    Range: <= 16.0.0
  • RDO/OpenStack RDOv5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.