The default policy for adding a secret to a container allows anyone with the "admin" role to add a secret their project owns to a container that is owned by a different project.
Upstream issue: https://storyboard.openstack.org/#!/story/2009297
Created openstack-barbican tracking bugs for this issue:
Affects: openstack-rdo [bug 2043278]
This issue has been addressed in the following products:
Red Hat OpenStack Platform 16.2
Via RHSA-2022:5114 https://access.redhat.com/errata/RHSA-2022:5114
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):