
CVE-2020-12691

Published: 07/05/2020 Updated: 07/11/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue exists in OpenStack Keystone in versions prior to 15.0.1, and in 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project on which they hold a specified role, and then update the credential's user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project on which another user holds the admin role, which can effectively grant that user global admin privileges.

Vulnerability Trend

Vulnerable Products

openstack keystone 16.0.0

openstack keystone

canonical ubuntu linux 18.04

Vendor Advisories

Red Hat Security Advisory (Important): openstack-keystone security update. An update for openstack-keystone is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sc ...
Red Hat Security Advisory (Important): openstack-keystone security update. An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sc ...
Red Hat Security Advisory (Important): openstack-keystone security update. An update for openstack-keystone is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Red Hat Security Advisory (Important): openstack-keystone security update. An update for openstack-keystone is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...

Mailing Lists

oss-sec mailing list archives: Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped contex ...