CVE-2020-12689
openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
Severity Score: -
Exploit Likelihood: -
Affected Versions: -
Public Exploits: 0
Exploited in Wild: -
Decision: -
Descriptions
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope (trust/OAuth/application credential) to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" role.
CVSS Scores: -
SSVC
- Decision: -
Timeline
- 2020-05-06 CVE Reserved
- 2020-05-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-30 EPSS Updated
- Exploited in Wild: -
- KEV Due Date: -
- First Exploit: -
CWE
- CWE-269: Improper Privilege Management
- CWE-863: Incorrect Authorization
CAPEC
References (8)
URL | Date | SRC
---|---|---
https://bugs.launchpad.net/keystone/+bug/1872735 | 2023-11-07 |
https://security.openstack.org/ossa/OSSA-2020-004.html | 2023-11-07 |
https://usn.ubuntu.com/4480-1 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2020-12689 | 2020-07-22 |
https://bugzilla.redhat.com/show_bug.cgi?id=1830396 | 2020-07-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Openstack | Keystone | < 15.0.1 | - | Affected
Openstack | Keystone | 16.0.0 | - | Affected
Canonical | Ubuntu Linux | 18.04 | lts | Affected