CVE-2020-12691
openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Se detectó un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para sí mismo para un proyecto en el que posee un rol específico, y luego llevar a cabo una actualización para el usuario y el proyecto de la credencial, permitiéndole hacerse pasar por otro usuario. Esto permite potencialmente a un usuario malicioso actuar como el administrador en un proyecto en el que otro usuario presenta la función de administrador, que puede otorgarle efectivamente a ese usuario privilegios de administrador global.
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user. This issue potentially allows the malicious user to act as the admin on a project another user has the admin role on, granting the user global admin privileges.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-06 CVE Reserved
- 2020-05-06 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (9)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugs.launchpad.net/keystone/+bug/1872733 | 2023-11-07 |
URL | Date | SRC |
---|---|---|
https://security.openstack.org/ossa/OSSA-2020-004.html | 2023-11-07 | |
https://usn.ubuntu.com/4480-1 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2020-12691 | 2020-07-22 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1830384 | 2020-07-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | < 15.0.1 Search vendor "Openstack" for product "Keystone" and version " < 15.0.1" | - |
Affected
| ||||||
Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | 16.0.0 Search vendor "Openstack" for product "Keystone" and version "16.0.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
|