CVE-2020-12691

Published: 07 May 2020
Source: ubuntu
Priority: medium
CVSS2: 6.5
CVSS3: 8.8

Description

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

| Release | Status | Note |
| --- | --- | --- |
| bionic | released | `2:13.0.4-0ubuntu1` |
| devel | not-affected | `2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1` |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | released | `2:13.0.4-0ubuntu1` |
| esm-infra/focal | not-affected | `2:17.0.0-0ubuntu0.20.04.1` |
| esm-infra/xenial | needed | |
| focal | not-affected | `2:17.0.0-0ubuntu0.20.04.1` |
| groovy | not-affected | `2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1` |
| hirsute | not-affected | `2:18.0.0~b2~git2020073017.b187dfd05-0ubuntu1` |

Related vulnerabilities

CVSS3: 8.8
redhat
almost 6 years ago

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

CVSS3: 8.8
nvd
almost 6 years ago

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

CVSS3: 8.8
debian
almost 6 years ago

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...

CVSS3: 8.8
github
more than 3 years ago

OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
