{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-13T04:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/keystone/+bug/1872733"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12691", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.openstack.org/ossa/OSSA-2020-004.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-004.html"}, {"name": "https://www.openwall.com/lists/oss-security/2020/05/06/5", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"}, {"name": "https://bugs.launchpad.net/keystone/+bug/1872733", "refsource": "MISC", "url": "https://bugs.launchpad.net/keystone/+bug/1872733"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa@%3Ccommits.druid.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.558Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/1872733"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-004] Keystone: Keystone credential endpoints allow owner modification and are not protected from a scoped context (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"}, {"name": "[druid-commits] 20200520 [GitHub] [druid] ccaominh opened a new pull request #9903: Suppress CVEs for openstack-keystone", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4480-1/"}, {"name": "[druid-commits] 20210712 [druid] branch master updated: Suppress CVE-2021-27568 from json-smart 2.3 dependency (#11438)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12691", "datePublished": "2020-05-06T23:43:01", "dateReserved": "2020-05-06T00:00:00", "dateUpdated": "2024-08-04T12:04:22.558Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "matchCriteriaId": "04CBF40B-EE82-4FB1-8B57-502419051BA9", "versionEndExcluding": "15.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:16.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "71945B91-B12D-4EF4-AE03-91592D434125", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. Cualquier usuario autenticado puede crear una credencial EC2 para s\u00ed mismo para un proyecto en el que posee un rol espec\u00edfico, y luego llevar a cabo una actualizaci\u00f3n para el usuario y el proyecto de la credencial, permiti\u00e9ndole hacerse pasar por otro usuario. Esto permite potencialmente a un usuario malicioso actuar como el administrador en un proyecto en el que otro usuario presenta la funci\u00f3n de administrador, que puede otorgarle efectivamente a ese usuario privilegios de administrador global."}], "id": "CVE-2020-12691", "lastModified": "2024-11-21T05:00:04.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-07T00:15:10.957", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1872733"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4480-1/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1872733"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4480-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/5"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank kay (OpenStack) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:3096", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "openstack-keystone-1:10.0.3-8.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2020-07-22T00:00:00Z"}, {"advisory": "RHSA-2020:2732", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-keystone-1:13.0.4-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:2732", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-keystone-1:13.0.4-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:3102", "cpe": "cpe:/a:redhat:openstack:15::el8", "package": "openstack-keystone-1:15.0.1-0.20200512110437.95b2bbe.el8ost", "product_name": "Red Hat OpenStack Platform 15.0 (Stein)", "release_date": "2020-07-22T00:00:00Z"}, {"advisory": "RHSA-2020:3105", "cpe": "cpe:/a:redhat:openstack:16::el8", "package": "openstack-keystone-1:16.0.1-0.20200511063421.40cbb7b.el8ost", "product_name": "Red Hat OpenStack Platform 16.0 (Train)", "release_date": "2020-07-22T00:00:00Z"}], "bugzilla": {"description": "openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID", "id": "1830384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1830384"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863", "details": ["An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.", "A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user. This issue potentially allows the malicious user to act as the admin on a project another user has the admin role on, granting the user global admin privileges."], "name": "CVE-2020-12691", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Out of support scope", "package_name": "openstack-keystone", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "openstack-keystone", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2020-05-06T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12691\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12691\nhttps://security.openstack.org/ossa/OSSA-2020-004.html"], "statement": "Red Hat Quay includes keystone-client, which is not vulnerable to this (server-side) vulnerability.", "threat_severity": "Important", "upstream_fix": "Keystone 15.0.1, Keystone 16.0.1"}