Lucene search

PRIOn knowledge basePRION:CVE-2020-12689

HistoryMay 07, 2020 - 12:15 a.m.

Code injection

2020-05-0700:15:00

PRIOn knowledge base

www.prio-n.com

8.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.3%

JSON

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

CPENameOperatorVersion
ubuntu_linuxeq18.04
keystoneeq16.0.0
keystonelt15.0.1

Name	Operator	Version
ubuntu_linux	eq	18.04
keystone	eq	16.0.0
keystone	lt	15.0.1

References

www.openwall.com/lists/oss-security/2020/05/07/2

bugs.launchpad.net/keystone/+bug/1872735

lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E

security.openstack.org/ossa/OSSA-2020-004.html

usn.ubuntu.com/4480-1/

www.openwall.com/lists/oss-security/2020/05/06/5