Kay

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions prior to 15.0.1 OpenStack Keystone version 16.0.0 **Description** An issue allows any user authenticated within a limited scope to create an EC2 credential with escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges. **Recommendations** For OpenStack Keystone versions prior to 15.0.1, update to version 15.0.1 or later to resolve the issue. For OpenStack Keystone version 16.0.0, update to a version later than 16.0.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions prior to 15.0.1 OpenStack Keystone version 16.0.0 **Description** An issue in OpenStack Keystone causes the list of roles provided for an OAuth1 access token to be silently ignored. When an access token is used to request a keystone token, the resulting keystone token contains every role assignment the creator had for the project, potentially leading to unintended escalated access. **Recommendations** For OpenStack Keystone versions prior to 15.0.1, update to version 15.0.1 or later to resolve the issue. For OpenStack Keystone version 16.0.0, consider disabling the use of OAuth1 access tokens until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions prior to 15.0.1 OpenStack Keystone version 16.0.0 **Description** An issue allows any authenticated user to create an EC2 credential for themselves for a project they have a specified role on. The user can then update the credential user and project, enabling them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, effectively granting that user global admin privileges. **Recommendations** For OpenStack Keystone versions prior to 15.0.1, update to version 15.0.1 or later. For OpenStack Keystone version 16.0.0, consider disabling the EC2 credential creation feature until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenStack Keystone versions prior to 15.0.1 OpenStack Keystone version 16.0.0 **Description** An issue was discovered in the EC2 API of OpenStack Keystone, where it lacks a signature TTL check for AWS Signature V4. This allows an attacker to sniff the Authorization header and then use it to reissue an OpenStack token an unlimited number of times. **Recommendations** For OpenStack Keystone versions prior to 15.0.1, update to version 15.0.1 or later to resolve the issue. For OpenStack Keystone version 16.0.0, consider disabling the EC2 API until a patch is available. As a temporary workaround, restrict access to the Authorization header to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zeta Components Mail versions prior to 1.8.2 **Description** The issue is related to the `send` function in the `ezcMailMtaTransport` class, which does not properly restrict the set of characters used in the `ezcMail` `returnPath` property. This might allow remote attackers to execute arbitrary code via a crafted email address. **Recommendations** For versions prior to 1.8.2, update to version 1.8.2 or later to resolve the issue.