Description
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack Keystone token by sending a valid AWS (Amazon Web Services) signature to the /v3/ec2tokens or /v3/s3tokens API (Application Programming Interface) endpoints, leading to access to unauthorized resources or privilege escalation within the OpenStack deployment.
Statement
This vulnerability allows an attacker to obtain a valid OpenStack Keystone token belonging to an existing user by sending a valid AWS signature to the /v3/ec2tokens or /v3/s3tokens API endpoints, leading to access to unauthorized resources or privilege escalation within the OpenStack instance. The attack is rated as high complexity (AC:H) because obtaining a valid AWS signature for the target is not straightforward. A deployment is only considered vulnerable if it exposes these API endpoints through a public API or other external access.
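Two checks a practitioner would want after reading the description and the statement above, as an added example that is neither Red Hat's nor the Keystone project's code: a version comparison against the fixed releases named in the description (26.0.1, 27.0.0, 28.0.0), and a scan of Keystone access-log lines for /v3/ec2tokens and /v3/s3tokens requests arriving from outside the networks you consider internal, since the statement ties exploitability to external exposure of those endpoints. The log format, the sample lines, the internal address ranges and the helper names are constructed assumptions for this example, not data from the advisory.

```python
"""Added example (not Red Hat's or the Keystone project's code).

1. is_affected(version): compare an installed Keystone version string with
   the fixed releases named in the advisory (26.0.1, 27.0.0, 28.0.0).
2. external_token_requests(lines, internal_nets): report /v3/ec2tokens and
   /v3/s3tokens requests in access-log lines that did not originate from an
   internal network.

Log format, sample lines and address ranges are constructed assumptions.
"""
import ipaddress
import re

# Fixed releases per the advisory, one per release line (major version).
FIXED = ((26, 0, 1), (27, 0, 0), (28, 0, 0))

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(\.?(?:a|b|rc|dev)\d*)?$")


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) for strings like
    '26.0.1' or '27.0.0rc1'. Raises ValueError on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Keystone version: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def is_affected(version):
    """True if the version is below the fix on its release line.
    Assumption: release lines older than 26 never received the fix, which is
    how 'before 26.0.1' is read here; lines newer than 28 are fixed."""
    major, minor, patch, pre = parse_version(version)
    base = (major, minor, patch)
    for fixed in FIXED:
        if major == fixed[0]:
            # A pre-release of the fixed version itself is still below it.
            return base < fixed or (base == fixed and pre)
    return major < FIXED[0][0]


# Apache/uwsgi combined-log style line: client, identd, user, [time],
# "METHOD PATH PROTO", status. Constructed format for this example.
_ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')


def external_token_requests(lines, internal_nets):
    """Return (source_ip, path, status) for ec2tokens/s3tokens requests whose
    source address is not inside any of internal_nets (CIDR strings).
    Matching on the path suffix also catches deployments that serve Keystone
    under a prefix such as /identity/v3/."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    hits = []
    for line in lines:
        m = _ACCESS_RE.match(line)
        if not m:
            continue
        src, _method, path, status = m.groups()
        path = path.split("?", 1)[0].rstrip("/")
        if not path.endswith(("/ec2tokens", "/s3tokens")):
            continue
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparsable client field; skip rather than guess
        if any(addr in net for net in nets):
            continue
        hits.append((src, path, int(status)))
    return hits


# Constructed sample log lines and internal ranges (not real traffic).
INTERNAL_NETS = ["10.0.0.0/8", "192.168.0.0/16"]
SAMPLE_LOG = """\
10.0.0.12 - - [12/Feb/2026:10:01:02 +0000] "POST /v3/ec2tokens HTTP/1.1" 200 1843
203.0.113.7 - - [12/Feb/2026:10:01:05 +0000] "POST /v3/s3tokens HTTP/1.1" 200 1801
203.0.113.7 - - [12/Feb/2026:10:01:09 +0000] "POST /v3/auth/tokens HTTP/1.1" 201 2210
198.51.100.4 - - [12/Feb/2026:10:02:11 +0000] "POST /v3/ec2tokens HTTP/1.1" 401 114
"""

if __name__ == "__main__":
    for v in ("25.0.0", "26.0.0", "26.0.1", "27.0.0rc1", "27.0.0", "28.0.0"):
        print(f"keystone {v}: {'AFFECTED' if is_affected(v) else 'fixed'}")
    for src, path, status in external_token_requests(SAMPLE_LOG.splitlines(), INTERNAL_NETS):
        print(f"external {path} request from {src} -> HTTP {status}")
```

The status column matters when triaging: a 200 on an ec2tokens or s3tokens request from an external address means a Keystone token was issued to that client, while a 401 shows someone probing the endpoint without a valid signature. Either way, the external reachability itself is the condition the statement names, so the first fix is still to update the package.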
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-keystone | Affected | | |
| Red Hat OpenStack Platform 16.2 | openstack-keystone | Affected | | |
| Red Hat OpenStack Platform 16.2 | rhosp-rhel8/openstack-keystone | Affected | | |
| Red Hat OpenStack Platform 17.1 | openstack-keystone | Affected | | |
| Red Hat OpenStack Platform 17.1 | rhosp-rhel9/openstack-keystone | Affected | | |
| Red Hat OpenStack Platform 18.0 | rhoso/openstack-keystone-rhel9 | Affected | | |
| Red Hat OpenStack Services on OpenShift 18.0 | openstack-keystone | Fixed | RHSA-2026:1958 | 13.02.2026 |
Additional information
CVSS3 score: 7.5 (High)