OpenStack Keystone is vulnerable to privilege escalation. A low-privileged user with a limited role is able to authenticate against Keystone using EC2 credentials and obtain all project roles of a trust/oauth/application_credential owner.
www.openwall.com/lists/oss-security/2020/05/07/2
bugs.launchpad.net/keystone/+bug/1872735
github.com/openstack/keystone/commit/79d7d929e10578cc5ff76bb24b6398b38bf63f52
lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
security.openstack.org/ossa/OSSA-2020-004.html
usn.ubuntu.com/4480-1/
www.openwall.com/lists/oss-security/2020/05/06/5