Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
systemsmanagement:Ardana:8:CentOS:7.5
openstack-barbican
CVE-2022-3100.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2022-3100.patch of Package openstack-barbican
From 6112c302375bf3d4c27303d12beec52ce2a82a2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Douglas=20Mendiz=C3=A1bal?= <dmendiza@redhat.com> Date: Tue, 30 Aug 2022 14:58:00 -0500 Subject: [PATCH] Fix Story 2010258 (CVE-2022-3100) This patch fixes a security vunlerability where the contents of a request query string were mistakenly being used in the RBAC policy engine. Change-Id: I5797988e4c63c75fccf85277c52815d9bf684cff --- barbican/api/controllers/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/barbican/api/controllers/__init__.py b/barbican/api/controllers/__init__.py index e5db8cbf4..e944d3bd6 100644 --- a/barbican/api/controllers/__init__.py +++ b/barbican/api/controllers/__init__.py @@ -65,7 +65,6 @@ def _do_enforce_rbac(inst, req, action_name, ctx, **kwargs): if target_name and target_data: policy_dict['target'] = {target_name: target_data} - policy_dict.update(kwargs) # Enforce access controls. if ctx.policy_enforcer: ctx.policy_enforcer.enforce(action_name, flatten(policy_dict),
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor