1543 matches found

ossfuzz
added 2020/05/26 9:10 a.m. | 17 views

keystone:fuzz_asm_x86_64: Use-of-uninitialized-value in X86AsmParser::ParseIntelOperand

Detailed Report: https://oss-fuzz.com/testcase?key=5087523687890944 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_x86_64 Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: X86AsmParser::ParseIntelOperand...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/05/26 7:32 a.m. | 21 views

keystone:fuzz_asm_arm_arm: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize

Detailed Report: https://oss-fuzz.com/testcase?key=5659471866232832 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_arm_arm Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: llvm_ks::MCAssembler::computeFragmentSize...

AI score: 6.4
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/05/26 6:00 a.m. | 14 views

keystone:fuzz_asm_arm_arm: Use-of-uninitialized-value in llvm_ks::MCAssembler::computeFragmentSize

Detailed Report: https://oss-fuzz.com/testcase?key=5675616111427584 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_arm_arm Job Type: libfuzzer_msan_keystone Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: llvm_ks::MCAssembler::computeFragmentSize...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/05/20 7:12 a.m. | 19 views

keystone:fuzz_asm_sparc64be: Invalid-free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl

Detailed Report: https://oss-fuzz.com/testcase?key=5767140656545792 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_sparc64be Job Type: libfuzzer_asan_keystone Platform Id: linux Crash Type: Invalid-free Crash Address: 0x61900000059d Crash State:...

AI score: 6.6
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/05/18 12:40 p.m. | 15 views

keystone:fuzz_asm_x86_64: Bad-cast to const llvm_ks::MCSectionELF from llvm_ks::MCSectionMachO in llvm_ks::MCELFStreamer::ChangeSection

Detailed Report: https://oss-fuzz.com/testcase?key=5733234540544000 Project: keystone Fuzzing Engine: libFuzzer Fuzz Target: fuzz_asm_x86_64 Job Type: libfuzzer_ubsan_keystone Platform Id: linux Crash Type: Bad-cast Crash Address: 0x000002a51160 Crash State: Bad-cast to const llvm_ks::MCSectionELF from...

AI score: 6.8
Exploits: 0 | Affected Software: 1

ossfuzz
added 2020/05/14 9:20 p.m. | 14 views

keystone:fuzz_asm_sparc64be: Crash in llvm_ks::MCEncodedFragmentWithFixups<32u, 4u>::~MCEncodedFragmentWithFixups

Project: https://github.com/keystone-engine/keystone.git Detailed Report: https://oss-fuzz.com/testcase?key=5669285766889472 Project: keystone Fuzzing Engine: afl Fuzz Target: fuzz_asm_sparc64be Job Type: afl_asan_keystone Platform Id: linux Crash Type: UNKNOWN WRITE Crash Address: 0x6190000364d2 Cra...

AI score: 6.8
Exploits: 0 | Affected Software: 1

Veracode
added 2020/05/11 5:11 a.m. | 22 views

Privilege Escalation

keystone is vulnerable to privilege escalation. The vulnerability exists as an authenticated user is able to masquerade as another higher privileged user by updating the credential user and project, potentially obtaining administrative privileges...

CVSS: 8.8 | AI score: 3.2 | EPSS: 0.04918
Exploits: 0 | References: 10 | Affected Software: 3

Veracode
added 2020/05/08 5:49 a.m. | 28 views

Privilege Escalation

OpenStack Keystone is vulnerable to privilege escalation. A low-privileged user with a limited role is able to authenticate against Keystone using EC2 credentials to obtain all project roles of a trust/oauth/application credential owner...

CVSS: 8.8 | AI score: 4.8 | EPSS: 0.01562
Exploits: 0 | References: 8 | Affected Software: 3

Veracode
added 2020/05/08 5:36 a.m. | 20 views

Man-in-the-Middle (MitM)

OpenStack Keystone is vulnerable to a man-in-the-middle attack. The lack of a signature TTL check to verify the timestamp in the AWS Signature V4 token signature allows an attacker to sniff an Authorization header in a man-in-the-middle attack and reuse the header to reissue OpenStack tokens...

CVSS: 5.4 | AI score: 2.9 | EPSS: 0.00705
Exploits: 0 | References: 7 | Affected Software: 3

RedhatCVE
added 2020/05/08 12:09 a.m. | 24 views

CVE-2020-12692

A flaw was found in Keystone, where the restriction was not checked for the Signature Version 4 (V4) process of AWS signatures issued within a limited time window. This flaw allows an attacker to capture an auth header and reuse it, potentially maintaining indefinite access...

CVSS: 5.5 | AI score: 4.3 | EPSS: 0.00705
Exploits: 0 | References: 4

OpenVAS
added 2020/05/08 12:00 a.m. | 54 views

Debian: Security Advisory (DSA-4679-1)

The remote host is missing an update for the Debian...

CVSS: 8.8 | AI score: 7.1 | EPSS: 0.04918
Exploits: 0 | References: 4

RedhatCVE
added 2020/05/07 7:40 p.m. | 24 views

CVE-2020-12691

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVSS: 6.5 | AI score: 3.7 | EPSS: 0.04918
Exploits: 0 | References: 4

RedhatCVE
added 2020/05/07 7:39 p.m. | 28 views

CVE-2020-12690

A flaw was found in Keystone, where it inadvertently provided OAuth1 access tokens to every role assignment the creator had for a project, resulting in giving more permissions and escalated access in role assignments than intended. The greatest impact is on confidentiality...

CVSS: 6.5 | AI score: 3.4 | EPSS: 0.01896
Exploits: 0 | References: 4

RedhatCVE
added 2020/05/07 7:39 p.m. | 32 views

CVE-2020-12689

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

CVSS: 6.5 | AI score: 2.5 | EPSS: 0.01562
Exploits: 0 | References: 4

OSV
added 2020/05/07 12:15 a.m. | 23 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

CVSS: 8.8 | AI score: 8.5
Exploits: 0 | References: 6

OSV
added 2020/05/07 12:15 a.m. | 3 views

DEBIAN-CVE-2020-12692

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00705
Exploits: 0 | References: 1

OSV
added 2020/05/07 12:15 a.m. | 24 views

CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVSS: 8.8 | AI score: 8.6
Exploits: 0 | References: 7

OSV
added 2020/05/07 12:15 a.m. | 28 views

CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. Th...

CVSS: 8.8 | AI score: 8.7
Exploits: 0 | References: 7

OSV
added 2020/05/07 12:15 a.m. | 2 views

DEBIAN-CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

CVSS: 8.8 | AI score: 8 | EPSS: 0.04918
Exploits: 0 | References: 1

OSV
added 2020/05/07 12:15 a.m. | 2 views

DEBIAN-CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

CVSS: 8.8 | AI score: 7.9 | EPSS: 0.01562
Exploits: 0 | References: 1