{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-13T04:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2020-005.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/keystone/+bug/1873290"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/6"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/3"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12690", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.openstack.org/ossa/OSSA-2020-005.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-005.html"}, {"name": "https://bugs.launchpad.net/keystone/+bug/1873290", "refsource": "MISC", "url": "https://bugs.launchpad.net/keystone/+bug/1873290"}, {"name": "https://www.openwall.com/lists/oss-security/2020/05/06/6", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/05/06/6"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/07/3"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.540Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2020-005.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/1873290"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/6"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-005] Keystone: OAuth1 request token authorize silently ignores roles parameter (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/3"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12690", "datePublished": "2020-05-06T23:43:10", "dateReserved": "2020-05-06T00:00:00", "dateUpdated": "2024-08-04T12:04:22.540Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "matchCriteriaId": "04CBF40B-EE82-4FB1-8B57-502419051BA9", "versionEndExcluding": "15.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:16.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "71945B91-B12D-4EF4-AE03-91592D434125", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. La lista de roles proporcionados para un token de acceso OAuth1 es ignorada silenciosamente. Por lo tanto, cuando es usado un token de acceso para solicitar un token de keystone, el token de keystone contiene todas las asignaciones de roles que el creador ten\u00eda para el proyecto. Esto resulta en que el token de keystone proporcionado tenga m\u00e1s asignaciones de roles que las previstas por el creador, posiblemente otorgando un acceso escalado no deseado."}], "id": "CVE-2020-12690", "lastModified": "2023-11-07T03:15:43.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-07T00:15:10.923", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/3"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1873290"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-005.html"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/4480-1/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank kay (OpenStack) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3102", "cpe": "cpe:/a:redhat:openstack:15::el8", "package": "openstack-keystone-1:15.0.1-0.20200512110437.95b2bbe.el8ost", "product_name": "Red Hat OpenStack Platform 15.0 (Stein)", "release_date": "2020-07-22T00:00:00Z"}, {"advisory": "RHSA-2020:3105", "cpe": "cpe:/a:redhat:openstack:16::el8", "package": "openstack-keystone-1:16.0.1-0.20200511063421.40cbb7b.el8ost", "product_name": "Red Hat OpenStack Platform 16.0 (Train)", "release_date": "2020-07-22T00:00:00Z"}], "bugzilla": {"description": "openstack-keystone: OAuth1 request token authorize silently ignores roles parameter", "id": "1830395", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830395"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863", "details": ["An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.", "A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality."], "name": "CVE-2020-12690", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Out of support scope", "package_name": "openstack-keystone", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "openstack-keystone", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2020-05-06T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12690\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12690\nhttps://security.openstack.org/ossa/OSSA-2020-005.html"], "statement": "Red Hat Quay includes keystone-client, which is not vulnerable to this (server-side) vulnerability.", "threat_severity": "Important", "upstream_fix": "Keystone 15.0.1, Keystone 16.0.1"}