CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-26943
https://notcve.org/view.php?id=CVE-2020-26943
An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. Se detectó un problema en OpenStack blazar-dashboard versiones anteriores a 1.3.1, 2.0.0 y 3.0.0. • http://www.openwall.com/lists/oss-security/2020/10/16/5 https://launchpad.net/bugs/1895688 https://review.opendev.org/755810 https://review.opendev.org/755812 https://review.opendev.org/755813 https://review.opendev.org/755814 https://review.opendev.org/756064 https://security.openstack.org/ossa/OSSA-2020-007.html •
CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 1CVE-2020-17376 – openstack-nova: Soft reboot after live-migration reverts instance to original source domain XML
https://notcve.org/view.php?id=CVE-2020-17376
An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0. By performing a soft reboot of an instance that has previously undergone live migration, a user may gain access to destination host devices that share the same paths as host devices previously referenced by the virtual machine on the source host. This can include block devices that map to different Cinder volumes at the destination than at the source. Only deployments allowing host-based connections (for instance, root and ephemeral devices) are affected. Se detectó un problema en la función Guest.migrate en el archivo virt/libvirt/guest.py en OpenStack Nova versiones anteriores a 19.3.1, versiones 20.x anteriores a 20.3.1 y 21.0.0. • http://www.openwall.com/lists/oss-security/2020/08/25/4 https://launchpad.net/bugs/1890501 https://security.openstack.org/ossa/OSSA-2020-006.html https://access.redhat.com/security/cve/CVE-2020-17376 https://bugzilla.redhat.com/show_bug.cgi?id=1869426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone en versiones anteriores a la 15.0.1 y 16.0.0. Cualquier usuario autenticado dentro de un alcance limitado (credencial de confianza/autorización/aplicación) puede crear una credencial EC2 con un permiso escalado, como obtener administrador mientras el usuario tiene un rol de visor limitado. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872735 https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https://access.redhat.com/security/cve/CVE-2020-12689 https://bugzilla.redhat.com/show_bug.cgi?id=1830396 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-12690 – openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
https://notcve.org/view.php?id=CVE-2020-12690
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. • http://www.openwall.com/lists/oss-security/2020/05/07/3 https://bugs.launchpad.net/keystone/+bug/1873290 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-005.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/6 https:// • CWE-613: Insufficient Session Expiration CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12691 – openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
https://notcve.org/view.php?id=CVE-2020-12691
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para sí mismo para un proyecto en el que posee un rol específico, y luego llevar a cabo una actualización para el usuario y el proyecto de la credencial, permitiéndole hacerse pasar por otro usuario. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872733 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https:// • CWE-863: Incorrect Authorization •