Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00NDI3LTdmM3ctbXF2Ns4AAkol
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Permalink: https://github.com/advisories/GHSA-4427-7f3w-mqv6JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00NDI3LTdmM3ctbXF2Ns4AAkol
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 2 months ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-4427-7f3w-mqv6, CVE-2020-12691
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-12691
- https://bugs.launchpad.net/keystone/+bug/1872733
- https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
- https://security.openstack.org/ossa/OSSA-2020-004.html
- https://www.openwall.com/lists/oss-security/2020/05/06/5
- http://www.openwall.com/lists/oss-security/2020/05/07/2
- https://github.com/openstack/keystone/commit/37e9907a176dad6843819b1bec4946c3aecc4548
- https://usn.ubuntu.com/4480-1
- https://github.com/openstack/keystone/commit/40cbb7bebd50276412daa1981ff5a7c7b3b899a5
- https://github.com/openstack/keystone/commit/95b2bbeab113d9f04d1c81f7f1b48bf692bce979
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2020-55.yaml
- https://github.com/advisories/GHSA-4427-7f3w-mqv6
Blast Radius: 13.8
Affected Packages
pypi:keystone
Dependent packages: 3Dependent repositories: 37
Downloads: 17,946 last month
Affected Version Ranges: = 16.0.0, < 15.0.1
Fixed in: 16.0.1, 15.0.1
All affected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 16.0.0
All unaffected versions: 15.0.1, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 22.0.2, 23.0.0, 23.0.1, 23.0.2, 24.0.0, 25.0.0, 26.0.0