27 matches found
CVE-2026-43001
A flaw was found in OpenStack Keystone. An attacker holding an unrestricted application credential could exploit a vulnerability in the POST /v3/credentials endpoint where the caller-supplied projectid for an EC2-type credential was not validated against the project of the authenticating...
OpenStack Keystone has an Incorrect Authorization Issue
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
EUVD-2026-26488
An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied projectid for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credentia...
PT-2026-36306
Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 13 through 29 Description An issue exists where the 'POST /v3/credentials' endpoint fails to validate that the project id provided by the caller for an EC2-type credential matches the project of the authenticating...
GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
CVE-2026-33551
An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...
EUVD-2013-6215
Malware in sbrugna...
SUSE CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...
GHSA-CHGW-36XV-47CW OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...
Ubuntu 18.04 LTS : OpenStack Keystone vulnerabilities (USN-4480-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4480-1 advisory. It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2...
openstack-keystone: EC2 and credential endpoints are not protected from a scoped context
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...
openstack-keystone: Credentials endpoint policy logic allows changing credential owner and target project ID
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...
Privilege Escalation
openstack keystone is vulnerable to privilege escalation. A low-privileged user with a limited role is able to authenticate against Keystone using an EC2 credentials to obtain all project roles of a trust/oauth/applicationcredential owner...
Debian: Security Advisory (DSA-4679-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-12691
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any authenticated user to create an EC2 credential for themselves for a project that they have a specified role, and then perform an update to the credential user and project, allowing them to masquerade as another user...
CVE-2020-12689
A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...
CVE-2020-12689
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...
PYSEC-2020-53
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...
PYSEC-2020-55
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...