CVE-2020-12689

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Se detectó un problema en OpenStack Keystone en versiones anteriores a la 15.0.1 y 16.0.0. Cualquier usuario autenticado dentro de un alcance limitado (credencial de confianza/autorización/aplicación) puede crear una credencial EC2 con un permiso escalado, como obtener administrador mientras el usuario tiene un rol de visor limitado. Potencialmente, esto permite que un usuario malintencionado actúe como administrador en un proyecto en el que otro usuario tiene la función de administrador, lo que efectivamente puede otorgarle a ese usuario privilegios de administrador global.

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope (trust/OAuth/application credential) to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" role.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-05-06 CVE Reserved
2020-05-06 CVE Published
2024-08-04 CVE Updated
2024-08-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management
CWE-863: Incorrect Authorization

CAPEC

References (8)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2020/05/07/2	Mailing List
https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E	Mailing List
https://www.openwall.com/lists/oss-security/2020/05/06/5	Mailing List

URL	Date	SRC

URL	Date	SRC
https://bugs.launchpad.net/keystone/+bug/1872735	2023-11-07

URL	Date	SRC
https://security.openstack.org/ossa/OSSA-2020-004.html	2023-11-07
https://usn.ubuntu.com/4480-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2020-12689	2020-07-22
https://bugzilla.redhat.com/show_bug.cgi?id=1830396	2020-07-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Keystone Search vendor "Openstack" for product "Keystone"				< 15.0.1 Search vendor "Openstack" for product "Keystone" and version " < 15.0.1"		-		Affected
Openstack Search vendor "Openstack"		Keystone Search vendor "Openstack" for product "Keystone"				16.0.0 Search vendor "Openstack" for product "Keystone" and version "16.0.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04"		lts		Affected