Lucene search

K
osvGoogleOSV:CVE-2020-12692
HistoryMay 07, 2020 - 12:15 a.m.

CVE-2020-12692

2020-05-0700:15:10
Google
osv.dev
5

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn’t have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.1%