CVE-2020-12691

Published: 07 May 2020

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
keystone
Launchpad, Ubuntu, Debian
Upstream
Released (13.0.4,15.0.1,16.0.0)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(2:17.0.0-0ubuntu0.20.04.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2:13.0.4-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://opendev.org/openstack/keystone/commit/a405e4b71d7de31e81a01f07e02f189650eb66fe (pike)
Upstream: https://opendev.org/openstack/keystone/commit/487c7276c7608fb11086b9875b0d7cc7cf594a5a (queens)
Upstream: https://opendev.org/openstack/keystone/commit/53d1ccb8a1bdbb5aa0efaacf9739b1a6f436e191 (Rocky)