The default policy for adding a secret to a container allows anyone with the "admin" role to add a secret their project owns to a container that is owned by a different project. References: https://bugzilla.redhat.com/show_bug.cgi?id=2022908
Upstream issue: https://storyboard.openstack.org/#!/story/2009297
Created openstack-barbican tracking bugs for this issue: Affects: openstack-rdo [bug 2043278]
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2022:5114 https://access.redhat.com/errata/RHSA-2022:5114
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-23452
This issue has been addressed in the following products: Red Hat OpenStack Platform 16.1 Via RHSA-2022:8874 https://access.redhat.com/errata/RHSA-2022:8874