Cyber Resilience

CVE-2022-3100

Medium

Published: 18 January 2023

Modified: 03 April 2025
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0021 (42.9th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-3100 is a medium-severity Authentication Bypass by Primary Weakness (CWE-305) vulnerability in Red Hat OpenStack. Its CVSS base score is 5.9 (Medium).

Operationally, it ranks at the 42.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API.

CWE(s)

CWE-305: Authentication Bypass by Primary Weakness

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

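Vendor: openstack; Product: barbican; Versions: all versions
Vendor: redhat; Product: openstack; Versions: 13, 16.1, 16.2, 17
Vendor: redhat; Product: openstack for ibm power; Versions: 13, 16.1, 16.2
Vendor: redhat; Product: openstack platform; Versions: 13.0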

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
