Lucene search
Redhat.comRH:CVE-2020-12691HistoryMay 07, 2020 - 7:40 p.m.
CVE-2020-12691
2020-05-0719:40:01
redhat.com
access.redhat.com
6
0.008 Low
EPSS
Percentile
81.3%
A vulnerability was found in Keystone’s EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user. This issue potentially allows the malicious user to act as the admin on a project another user has the admin role on, granting the user global admin privileges.
Related
cvelist
cvelist
CVE-2020-12691
2020-05-06 23:43:01
nvd
nvd
CVE-2020-12691
2020-05-07 00:15:10
cve
cve
CVE-2020-12691
2020-05-07 00:15:10
prion
prion
Design/Logic Flaw
2020-05-07 00:15:00
debiancve
debiancve
CVE-2020-12691
2020-05-07 00:15:10
veracode
veracode
Privilege Escalation
2020-05-11 05:11:15
github
github
osv
osv
PYSEC-2020-55
2020-05-07 00:15:00
CVE-2020-12691
2020-05-07 00:15:10
keystone - security update
2020-05-06 00:00:00
ubuntucve
ubuntucve
CVE-2020-12691
2020-05-07 00:00:00
redhat
redhat
(RHSA-2020:3096) Important: openstack-keystone security update
2020-07-22 12:02:47
(RHSA-2020:2732) Important: openstack-keystone security update
2020-06-24 12:25:05
(RHSA-2020:3105) Important: openstack-keystone security update
2020-07-22 12:28:32
nessus
nessus
RHEL 7 : openstack-keystone (RHSA-2020:3096)
2020-07-22 00:00:00
RHEL 7 : openstack-keystone (RHSA-2020:2732)
2020-06-24 00:00:00
RHEL 8 : openstack-keystone (RHSA-2020:3105)
2020-07-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4480-1)
2020-09-02 00:00:00
Debian: Security Advisory (DSA-4679-1)
2020-05-08 00:00:00
ibm
ibm
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2020-09-01 00:00:00