CVE-2022-0087 – Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
https://notcve.org/view.php?id=CVE-2022-0087
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') keystone es vulnerable a una Neutralización Inapropiada de Entradas Durante la Generación de Páginas Web ("Cross-site Scripting") • https://github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38 https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-36404
https://notcve.org/view.php?id=CVE-2020-36404
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. Keystone Engine versión 0.9.2, presenta una liberación no válida en la función llvm_ks::SmallVectorImpl(llvm_ks::MCFixup)::~SmallVectorImpl • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22371 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/keystone/OSV-2020-1506.yaml https://github.com/keystone-engine/keystone/releases • CWE-763: Release of Invalid Pointer or Reference •
CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone en versiones anteriores a la 15.0.1 y 16.0.0. Cualquier usuario autenticado dentro de un alcance limitado (credencial de confianza/autorización/aplicación) puede crear una credencial EC2 con un permiso escalado, como obtener administrador mientras el usuario tiene un rol de visor limitado. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872735 https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https://access.redhat.com/security/cve/CVE-2020-12689 https://bugzilla.redhat.com/show_bug.cgi?id=1830396 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVE-2020-12690 – openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
https://notcve.org/view.php?id=CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. • http://www.openwall.com/lists/oss-security/2020/05/07/3 https://bugs.launchpad.net/keystone/+bug/1873290 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-005.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/6 https:// • CWE-613: Insufficient Session Expiration CWE-863: Incorrect Authorization •
CVE-2020-12691 – openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
https://notcve.org/view.php?id=CVE-2020-12691
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para sí mismo para un proyecto en el que posee un rol específico, y luego llevar a cabo una actualización para el usuario y el proyecto de la credencial, permitiéndole hacerse pasar por otro usuario. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872733 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https:// • CWE-863: Incorrect Authorization •