CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12689 – openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
https://notcve.org/view.php?id=CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone en versiones anteriores a la 15.0.1 y 16.0.0. Cualquier usuario autenticado dentro de un alcance limitado (credencial de confianza/autorización/aplicación) puede crear una credencial EC2 con un permiso escalado, como obtener administrador mientras el usuario tiene un rol de visor limitado. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872735 https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https://access.redhat.com/security/cve/CVE-2020-12689 https://bugzilla.redhat.com/show_bug.cgi?id=1830396 • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2020-12691 – openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
https://notcve.org/view.php?id=CVE-2020-12691
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para sí mismo para un proyecto en el que posee un rol específico, y luego llevar a cabo una actualización para el usuario y el proyecto de la credencial, permitiéndole hacerse pasar por otro usuario. • http://www.openwall.com/lists/oss-security/2020/05/07/2 https://bugs.launchpad.net/keystone/+bug/1872733 https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E https://security.openstack.org/ossa/OSSA-2020-004.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/5 https:// • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-12692 – openstack-keystone: failure to check signature TTL of the EC2 credential auth method
https://notcve.org/view.php?id=CVE-2020-12692
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times. Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. La API EC2 no presenta una comprobación TTL de firma para AWS Signature V4. • http://www.openwall.com/lists/oss-security/2020/05/07/1 https://bugs.launchpad.net/keystone/+bug/1872737 https://security.openstack.org/ossa/OSSA-2020-003.html https://usn.ubuntu.com/4480-1 https://www.openwall.com/lists/oss-security/2020/05/06/4 https://access.redhat.com/security/cve/CVE-2020-12692 https://bugzilla.redhat.com/show_bug.cgi?id=1833164 • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 1CVE-2020-12108 – mailman: arbitrary content injection via the options login page
https://notcve.org/view.php?id=CVE-2020-12108
/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content Injection. El archivo /options/mailman en GNU Mailman versiones anteriores a 2.1.31, permite una Inyección de Contenido Arbitrario. • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00063.html https://bugs.launchpad.net/mailman/+bug/1873722 https://code.launchpad.net/mailman https://lists.debian.org/debian-lts-announce/2020/05/msg00007.html https://lists.debian.org/debian-lts-announce/202 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-12392 – Mozilla: Arbitrary local file access with 'Copy as cURL'
https://notcve.org/view.php?id=CVE-2020-12392
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. La funcionalidad "Copy as cURL" de la pestaña de red de Devtools no escapa apropiadamente los datos HTTP POST de una petición, que el sitio web puede controlar. Si un usuario usó la funcionalidad "Copy as cURL" y pegó el comando a un terminal, podría haber resultado en la divulgación de archivos locales. • https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://usn.ubuntu.com/4373-1 https://www.mozilla.org/security/advisories/mfsa2020-16 https://www.mozilla.org/security/advisories/mfsa2020-17 https://www.mozilla.org/security/advisories/mfsa2020-18 https://access.redhat.com/security/cve/CVE-2020-12392 https://bugzilla.redhat.com/show_bug.cgi?id=1831764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •