CVE-2020-12691

 

Published at: - 07-05-2020 02:15

Last modified: - 26-04-2022 07:06

Total changes: - 4

Description

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://www.openwall.com/lists/oss-security/2020/05/06/5
• https://bugs.launchpad.net/keystone/+bug/1872733
• [oss-security] 20200507 Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)-Mailing List, Third Party Advisory
• https://security.openstack.org/ossa/OSSA-2020-004.html
• [druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone-Mailing List, Third Party Advisory
• USN-4480-1-Third Party Advisory
• [druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)-Mailing List, Patch, Third Party Advisory

 

Keywords

NVD

 

CVE-2020-12691

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures