CVE-2020-12689

Опубликовано: 07 мая 2020

Источник: ubuntu

Приоритет: medium

CVSS2: 6.5

CVSS3: 8.8

Описание

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Релиз	Статус	Примечание
bionic	released	2:13.0.4-0ubuntu1
devel	not-affected	2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1
eoan	ignored	end of life
esm-infra-legacy/trusty	DNE
esm-infra/bionic	released	2:13.0.4-0ubuntu1
esm-infra/focal	not-affected	2:17.0.0-0ubuntu0.20.04.1
esm-infra/xenial	needed
focal	not-affected	2:17.0.0-0ubuntu0.20.04.1
groovy	not-affected	2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1
hirsute	not-affected	2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1

Показывать по

Ссылки на источники

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2020-12689

CVSS3: 8.8

redhat

почти 6 лет назад

CVE-2020-12689

CVSS3: 8.8

nvd

почти 6 лет назад

CVE-2020-12689

CVSS3: 8.8

debian

почти 6 лет назад

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...

GHSA-chgw-36xv-47cw

CVSS3: 8.8

github

больше 3 лет назад

OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context

6.5 Medium

CVSS2

8.8 High

CVSS3

CVE-2020-12689

Описание

Пакет keystone

Ссылки на источники

Связанные уязвимости