The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8874 advisory.
– openstack-barbican: Barbican allows authenticated users to add/modify/delete arbitrary metadata on any secret (CVE-2022-23451)
– openstack-barbican: Barbican allows anyone with an admin role to add their secrets to a different project’s containers (CVE-2022-23452)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.Read More