CVE-2022-3100
Medium
Published: 18 January 2023
Modified: 03 April 2025
KEV Added: —
Patch: —
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0021 (42.9th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2022-3100 is a medium-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Red Hat OpenStack. Its CVSS base score is 5.9 (Medium).
Operationally, it is ranked at the 42.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42529
Vulnerability details
A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.
- CWE(s): CWE-305
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets (vendor / product / versions)
- openstack / barbican / all versions
- redhat / openstack / 13, 16.1, 16.2, 17
- redhat / openstack for ibm power / 13, 16.1, 16.2
- redhat / openstack platform / 13.0
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.