{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-09-02T15:06:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security.openstack.org/ossa/OSSA-2020-003.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/keystone/+bug/1872737"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4480-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12692", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://security.openstack.org/ossa/OSSA-2020-003.html", "refsource": "CONFIRM", "url": "https://security.openstack.org/ossa/OSSA-2020-003.html"}, {"name": "https://bugs.launchpad.net/keystone/+bug/1872737", "refsource": "MISC", "url": "https://bugs.launchpad.net/keystone/+bug/1872737"}, {"name": "https://www.openwall.com/lists/oss-security/2020/05/06/4", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1"}, {"name": "USN-4480-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4480-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:04:22.870Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.openstack.org/ossa/OSSA-2020-003.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/1872737"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4"}, {"name": "[oss-security] 20200507 Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1"}, {"name": "USN-4480-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4480-1/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12692", "datePublished": "2020-05-06T23:42:42", "dateReserved": "2020-05-06T00:00:00", "dateUpdated": "2024-08-04T12:04:22.870Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*", "matchCriteriaId": "04CBF40B-EE82-4FB1-8B57-502419051BA9", "versionEndExcluding": "15.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:keystone:16.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "71945B91-B12D-4EF4-AE03-91592D434125", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenStack Keystone versiones anteriores a 15.0.1 y 16.0.0. La API EC2 no presenta una comprobaci\u00f3n TTL de firma para AWS Signature V4. Un atacante puede rastrear el encabezado Authorization y luego usarlo para volver a emitir un token de OpenStack un n\u00famero ilimitado de veces."}], "id": "CVE-2020-12692", "lastModified": "2024-11-21T05:00:05.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-07T00:15:10.987", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1872737"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-003.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4480-1/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/05/07/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://bugs.launchpad.net/keystone/+bug/1872737"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2020-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4480-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2020/05/06/4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank kay (OpenStack) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2020:2732", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-keystone-1:13.0.4-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:2732", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-keystone-1:13.0.4-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2020-06-24T00:00:00Z"}, {"advisory": "RHSA-2020:3102", "cpe": "cpe:/a:redhat:openstack:15::el8", "package": "openstack-keystone-1:15.0.1-0.20200512110437.95b2bbe.el8ost", "product_name": "Red Hat OpenStack Platform 15.0 (Stein)", "release_date": "2020-07-22T00:00:00Z"}, {"advisory": "RHSA-2020:3105", "cpe": "cpe:/a:redhat:openstack:16::el8", "package": "openstack-keystone-1:16.0.1-0.20200511063421.40cbb7b.el8ost", "product_name": "Red Hat OpenStack Platform 16.0 (Train)", "release_date": "2020-07-22T00:00:00Z"}], "bugzilla": {"description": "openstack-keystone: failure to check signature TTL of the EC2 credential auth method", "id": "1833164", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1833164"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.", "A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 (V4) process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access."], "name": "CVE-2020-12692", "package_state": [{"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Out of support scope", "package_name": "openstack-keystone", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "openstack-keystone", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Will not fix", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2020-04-28T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-12692\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-12692\nhttps://security.openstack.org/ossa/OSSA-2020-003.html"], "threat_severity": "Moderate"}