PT-2020-13206 · OpenStack · OpenStack Keystone
Author: Kay
Published: 2020-05-06 · Updated: 2023-03-01
CVE-2020-12689
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenStack Keystone versions prior to 15.0.1
OpenStack Keystone version 16.0.0
Description
An issue allows any user authenticated within a limited scope to create an EC2 credential with escalated permissions, such as obtaining admin rights while holding only a limited viewer role. This potentially allows a malicious user to act as admin on a project in which another user holds the admin role, which can effectively grant that user global admin privileges.
Recommendations
For OpenStack Keystone versions prior to 15.0.1, update to version 15.0.1 or later to resolve the issue.
For OpenStack Keystone version 16.0.0, update to a version later than 16.0.0 to resolve the issue.
Weakness Enumeration
Improper Privilege Management
Affected Products
OpenStack Keystone
Ubuntu