A container isolation flaw was discovered in Red Hat OpenStack, allowing an attacker with limited authentication and access to Barbican containers to potentially access other OpenStack containers and services. This is possible as they share common CGROUP and namespace.
Created openstack-barbican tracking bugs for this issue: Affects: openstack-rdo [bug 2188735]
Hi (In reply to Nick Tait from comment #0) > A container isolation flaw was discovered in Red Hat OpenStack, allowing an > attacker with limited authentication and access to Barbican containers to > potentially access other OpenStack containers and services. This is possible > as they share common CGROUP and namespace. I'm trying to evaluate/triage this CVE (CVE-2023-1636) in context of a downstream distribution and this bugzilla entry was the only reference associated. The above does only give little information, is this a barbican upstream issue? Is it reported upstream and is there a respective fix available? Can you please provide more information on the issue? Thanks already in advance, Regards, Salvatore