CVE-2020-12690
openstack-keystone: OAuth1 request token authorize silently ignores roles parameter
- Severity Score: not recorded
- Exploit Likelihood: not recorded
- Public Exploits: 0
- Exploited in Wild: -
- SSVC Decision: -
Descriptions
An issue was discovered in OpenStack Keystone before 15.0.1 and in 16.0.0. The list of roles provided when an OAuth1 access token is authorized is silently ignored. Thus, when that access token is used to request a keystone token, the keystone token carries every role assignment the creator had for the project, not only the subset the creator specified. The resulting keystone token therefore has more role assignments than the creator intended, possibly giving unintended escalated access.
A flaw was found in Keystone, where OAuth1 access tokens were inadvertently granted every role assignment the creator had for a project, giving the token holder more permissions and escalated access than the creator intended. The greatest impact is on confidentiality.
Timeline
- 2020-05-06 CVE Reserved
- 2020-05-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-30 EPSS Updated
- Exploited in Wild: not recorded
- KEV Due Date: not recorded
- First Exploit: not recorded
CWE
- CWE-613: Insufficient Session Expiration
- CWE-863: Incorrect Authorization
References
URL | Date | SRC
---|---|---
https://bugs.launchpad.net/keystone/+bug/1873290 | 2023-11-07 |
https://security.openstack.org/ossa/OSSA-2020-005.html | 2023-11-07 |
https://usn.ubuntu.com/4480-1 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2020-12690 | 2020-07-22 |
https://bugzilla.redhat.com/show_bug.cgi?id=1830395 | 2020-07-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Openstack | Keystone | < 15.0.1 | - | Affected
Openstack | Keystone | 16.0.0 | - | Affected