Lucene search
+L

31 matches found

RedhatCVE
RedhatCVE
added 2020/05/07 7:39 p.m.33 views

CVE-2020-12689

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

6.5CVSS2.5AI score0.01562EPSS
Exploits0References4
NVD
NVD
added 2020/05/07 12:15 a.m.31 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.5AI score0.01562EPSS
Exploits0References6
PyPA
PyPA
added 2020/05/07 12:15 a.m.6 views

PYSEC-2020-55

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS7.5AI score0.04918EPSS
Exploits0References7Affected Software1
PyPA
PyPA
added 2020/05/07 12:15 a.m.8 views

PYSEC-2020-53

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS6.8AI score0.01562EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2020/05/06 11:43 p.m.44 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.4AI score0.01562EPSS
Exploits0References6
Prion
Prion
added 2019/11/26 4:15 a.m.32 views

Code injection

OpenStack Nova before 2012.1 allows someone with access to an EC2ACCESSKEY equivalent to a username to obtain the EC2SECRETKEY equivalent to a password. Exposing the EC2ACCESSKEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2SECRETKEY. A...

4.3CVSS6.7AI score0.01446EPSS
Exploits1References5Affected Software1
Veracode
Veracode
added 2019/01/15 8:55 a.m.33 views

Privilege Escalation

openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain...

5.8CVSS6.7AI score0.02239EPSS
Exploits2References10Affected Software1
Veracode
Veracode
added 2019/01/15 8:51 a.m.30 views

Authorization Bypass

openstack-keystone is vulnerable to authorization bypass. This is due to the way users are removed from tenants when using Amazon EC2 credentials. Users retain privileges after being removed from tenants and will still be able to access resources which would have not been permitted...

2.1CVSS6AI score0.00341EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2013/12/14 5:21 p.m.22 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS6.6AI score0.02239EPSS
Exploits2References8
OSV
OSV
added 2013/12/14 5:21 p.m.2 views

DEBIAN-CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS7.3AI score0.02239EPSS
Exploits2References1
UbuntuCve
UbuntuCve
added 2013/12/11 3:0 p.m.30 views

CVE-2013-6391

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

5.8CVSS5.9AI score0.02239EPSS
Exploits2References3
Rows per page
Query Builder