68 lines
1.8 KiB
YAML
68 lines
1.8 KiB
YAML
date: 2020-05-06
|
|
|
|
id: OSSA-2020-004
|
|
|
|
title: Keystone credential endpoints allow owner modification and are not protected from a scoped context
|
|
|
|
description: >
|
|
kay reported two vulnerabilities in keystone's EC2 credentials API.
|
|
Any authenticated user could create an EC2 credential for themselves
|
|
for a project that they have a specified role on, then perform an update
|
|
to the credential user and project, allowing them to masquerade as
|
|
another user. (CVE-2020-12691)
|
|
|
|
Any authenticated user within a limited scope
|
|
(trust/oauth/application credential) can create an EC2 credential with
|
|
an escalated permission, such as obtaining admin while the user is on
|
|
a limited viewer role. (CVE-2020-12689)
|
|
|
|
Both of these vulnerabilities potentially allow a malicious user to
|
|
act as admin on a project that another user has the admin role on,
|
|
which can effectively grant the malicious user global admin privileges.
|
|
|
|
errata: >
|
|
CVE-2020-12689 and CVE-2020-12691 were assigned after the original publication date.
|
|
|
|
affected-products:
|
|
- product: keystone
|
|
version: '<15.0.1, ==16.0.0'
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2020-12689
|
|
- cve-id: CVE-2020-12691
|
|
|
|
reporters:
|
|
- name: kay
|
|
reported:
|
|
- CVE-2020-12689
|
|
- CVE-2020-12691
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1872733
|
|
- https://launchpad.net/bugs/1872735
|
|
|
|
reviews:
|
|
victoria:
|
|
- https://review.opendev.org/725886
|
|
|
|
ussuri:
|
|
- https://review.opendev.org/725888
|
|
|
|
train:
|
|
- https://review.opendev.org/725891
|
|
|
|
stein:
|
|
- https://review.opendev.org/725893
|
|
|
|
rocky:
|
|
- https://review.opendev.org/725895
|
|
|
|
notes:
|
|
- The stable/rocky branch is under extended maintenance and will receive no
|
|
new point releases, but a patch for it is provided as a courtesy.
|
|
|
|
errata_history:
|
|
- 2020-05-07 - Errata 1
|
|
- 2020-05-06 - Original Version
|