An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Advisories
Source ID Title
EUVD EUVD EUVD-2020-0097 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
Github GHSA Github GHSA GHSA-4427-7f3w-mqv6 OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
Ubuntu USN Ubuntu USN USN-4480-1 OpenStack Keystone vulnerabilities
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T12:04:22.558Z

Reserved: 2020-05-06T00:00:00

Link: CVE-2020-12691

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-07T00:15:10.957

Modified: 2024-11-21T05:00:04.873

Link: CVE-2020-12691

cve-icon Redhat

Severity : Important

Publid Date: 2020-05-06T15:00:00Z

Links: CVE-2020-12691 - Bugzilla

cve-icon OpenCVE Enrichment

No data.