CVE-2017-12440

openstack-aodh: Aodh can be used to launder Keystone trusts

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 and before Pike-rc1 does not verify that trust IDs belong to the user when creating alarm action with the scheme trust+http, which allows remote authenticated users with knowledge of trust IDs where Aodh is the trustee to obtain a Keystone token and perform unspecified authenticated actions by adding an alarm action with the scheme trust+http, and providing a trust id where Aodh is the trustee.

Aodh, tal y como viene en Openstack Ocata y Newton antes de change-ID I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851 y antes de Pike-rc1, no verifica que las ID de confianza pertenecen al usuario cuando se crean acciones de alarma con el esquema "trust+http", lo que permite a los usuarios autenticados remotos con conocimiento sobre las ID de confianza en donde Aodh es la entidad de confianza obtener un token Keystone y realizar acciones autenticadas no especificadas añadiendo una acción de alarma con el esquema "trust+http" y proporcionando una ID de confianza en donde Aodh es la entidad de confianza.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-04 CVE Reserved
2017-08-18 CVE Published
2023-05-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-306: Missing Authentication for Critical Function
CWE-345: Insufficient Verification of Data Authenticity

CAPEC

References (10)

URL	Tag	Source
http://www.securityfocus.com/bid/100455	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://bugs.launchpad.net/ossn/+bug/1649333	2019-10-03
https://review.openstack.org/#/c/493823	2019-10-03
https://review.openstack.org/#/c/493824	2019-10-03
https://review.openstack.org/#/c/493826	2019-10-03

URL	Date	SRC
http://www.debian.org/security/2017/dsa-3953	2019-10-03
https://access.redhat.com/errata/RHSA-2017:3227	2019-10-03
https://access.redhat.com/errata/RHSA-2018:0315	2019-10-03
https://access.redhat.com/security/cve/CVE-2017-12440	2018-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=1478834	2018-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Openstack Search vendor "Openstack" for product "Openstack"				07132017 Search vendor "Openstack" for product "Openstack" and version "07132017"		-		Affected