Description
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
A flaw was found in OpenStack keystonemiddleware. The external_oauth2_token middleware fails to properly sanitize incoming authentication headers. An authenticated attacker can exploit this by sending forged identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id. This can lead to privilege escalation or impersonation of other users within the system.
Report
This is an IMPORTANT privilege escalation flaw in OpenStack keystonemiddleware. The external_oauth2_token middleware does not correctly sanitize incoming authentication headers. An authenticated attacker can exploit this by sending forged identity headers, such as X-Is-Admin-Project, X-Roles, or X-User-Id, to escalate privileges or impersonate other users. All Red Hat OpenStack Platform deployments utilizing the external_oauth2_token middleware are affected.
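As an added illustration of the mechanism the descriptions above talk about (not keystonemiddleware's own code), here is a minimal WSGI identity filter that can run with or without first dropping the client-supplied identity headers; the header names come from the description, while the token table, claim values and request headers are constructed for the demo.

```python
# Identity headers the downstream service trusts. The names are taken from the
# vulnerability description; the list itself is constructed for this demo.
IDENTITY_HEADERS = ("X-User-Id", "X-Roles", "X-Is-Admin-Project", "X-Project-Id")

# Stand-in for OAuth 2.0 token introspection (constructed token -> claims map).
VALID_TOKENS = {"tok-alice": {"X-User-Id": "alice", "X-Roles": "member"}}


def env_key(header):
    # WSGI exposes request headers as HTTP_<NAME> with dashes turned into underscores
    return "HTTP_" + header.upper().replace("-", "_")


def identity_middleware(app, strip_inbound):
    """WSGI filter that writes the validated token's claims into the environ.
    strip_inbound=False reproduces the unsanitized behaviour; True is the fix."""
    def middleware(environ, start_response):
        if strip_inbound:
            # Hardened: discard every client-supplied identity header first, so the
            # downstream app only ever sees values derived from the validated token.
            for header in IDENTITY_HEADERS:
                environ.pop(env_key(header), None)
        auth = environ.get("HTTP_AUTHORIZATION", "")
        claims = VALID_TOKENS.get(auth.removeprefix("Bearer ").strip())
        if claims is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"invalid token"]
        # Token claims are written over whatever is present; claims the token does
        # not carry (e.g. X-Is-Admin-Project) are left untouched, which is the bug
        # when inbound headers were not stripped.
        for header, value in claims.items():
            environ[env_key(header)] = value
        return app(environ, start_response)
    return middleware


def resolve_identity(strip_inbound, request_headers):
    """Return the identity headers a downstream service sees for a request made
    with request_headers (constructed input), with or without inbound stripping."""
    seen = {}

    def downstream(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        seen.update({h: environ.get(env_key(h)) for h in IDENTITY_HEADERS})
        return [b"ok"]

    environ = {env_key(h): v for h, v in request_headers.items()}
    identity_middleware(downstream, strip_inbound)(environ, lambda status, hdrs: None)
    return {h: v for h, v in seen.items() if v is not None}
```

With a valid token plus a forged X-Is-Admin-Project header, the unsanitized variant passes the forged flag through to the service, while the hardened variant exposes only the token's claims; a request with no valid token yields no identity at all in either mode.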
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-api | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-base | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-evaluator | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-listener | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-aodh-notifier | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-barbican-api | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-barbican-base | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-barbican-keystone-listener | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-barbican-worker | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | rhosp13/openstack-ceilometer-base | Not affected | ||
Additional information
Status:
EPSS:
CVSS3: 9.9 Critical