Description
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Attack Vector: Network
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
Affected Packages (4 packages)
Also affects: Ubuntu Linux 18.04
Vulnerability Details (5)
- OSV: OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context (2022-05-24)
- GHSA: OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context (2022-05-24)
- OSV: keystone vulnerabilities (2020-09-01)
- OSV: CVE-2020-12689: An issue was discovered in OpenStack Keystone before 15 (2020-05-07)
- CVEList: CVE-2020-12689: An issue was discovered in OpenStack Keystone before 15 (2020-05-06)

Vendor Advisories (3)
- Ubuntu: OpenStack Keystone vulnerabilities (2020-09-01)
- Red Hat: openstack-keystone: EC2 and credential endpoints are not protected from a scoped context (2020-05-06)
- Debian: CVE-2020-12689: keystone - An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any use... (2020)

Community (2)
- Bugzilla: CVE-2020-12689 openstack-keystone: EC2 and credential endpoints are not protected from a scoped context [openstack-rdo] (2020-05-06)
- Bugzilla: CVE-2020-12689 openstack-keystone: EC2 and credential endpoints are not protected from a scoped context (2020-05-01)