CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-38155
https://notcve.org/view.php?id=CVE-2021-38155
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected. OpenStack Keystone versiones 10.x hasta 16.x anteriores a 16.0.2, versiones 17.x anteriores a 17.0.1, versiones 18.x anteriores a 18.0.1 y versiones 19.x anteriores a 19.0.1, permite una divulgación de información durante el bloqueo de cuentas (relacionado con las características de PCI DSS). Al adivinar el nombre de una cuenta y fallando en la autenticación múltiples veces, cualquier actor no autenticado podría tanto confirmar que la cuenta se presenta y obtener el UUID correspondiente de esa cuenta, que podría ser aprovechado para otros ataques no relacionados. • http://www.openwall.com/lists/oss-security/2021/08/10/5 https://launchpad.net/bugs/1688137 https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html https://security.openstack.org/ossa/OSSA-2021-003.html • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone en versiones anteriores a la 15.0.1 y 16.0.0. Cualquier usuario autenticado dentro de un alcance limitado (credencial de confianza/autorización/aplicación) puede crear una credencial EC2 con un permiso escalado, como obtener administrador mientras el usuario tiene un rol de visor limitado. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872735 https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https://access.redhat.com/security/cve/CVE-2020-12689 https://bugzilla.redhat.com/show_bug.cgi?id=1830396 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12690 – openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
https://notcve.org/view.php?id=CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. • http://www.openwall.com/lists/oss-security/2020/05/07/3 https://bugs.launchpad.net/keystone/+bug/1873290 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-005.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/6 https:// • CWE-613: Insufficient Session Expiration CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12691 – openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
https://notcve.org/view.php?id=CVE-2020-12691
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para sí mismo para un proyecto en el que posee un rol específico, y luego llevar a cabo una actualización para el usuario y el proyecto de la credencial, permitiéndole hacerse pasar por otro usuario. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872733 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https:// • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12692 – openstack-keystone: failure to check signature TTL of the EC2 credential auth method
https://notcve.org/view.php?id=CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. La API EC2 no presenta una comprobación TTL de firma para AWS Signature V4. • http://www.openwall.com/lists/oss-security/2020/05/07/1 https://bugs.launchpad.net/keystone/+bug/1872737 https://security.openstack.org/ossa/OSSA-2020-003.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/4 https://access.redhat.com/security/cve/CVE-2020-12692 https://bugzilla.redhat.com/show_bug.cgi?id=1833164 • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature CWE-863: Incorrect Authorization •