Lucene search
K

4 matches found

OSV
OSV
added 2022/05/24 5:17 p.m.5 views

GHSA-CHGW-36XV-47CW OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.4AI score0.01562EPSS
Exploits0References10
OSV
OSV
added 2020/05/07 12:15 a.m.26 views

CVE-2020-12689

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

8.8CVSS8.5AI score
Exploits0References6
OSV
OSV
added 2020/05/07 12:15 a.m.25 views

CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user...

8.8CVSS8.6AI score
Exploits0References7
Prion
Prion
added 2020/05/07 12:15 a.m.23 views

Code injection

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope trust/oauth/application credential can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially...

6.5CVSS8.3AI score0.01562EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder