vulnerability

Ubuntu: USN-4480-1 (CVE-2020-12691): OpenStack Keystone vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	May 7, 2020	Sep 2, 2020	Mar 22, 2023

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

May 7, 2020

Added

Sep 2, 2020

Modified

Mar 22, 2023

Description

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Solution(s)

ubuntu-upgrade-keystoneubuntu-upgrade-python-keystone

References

CVE-2020-12691
https://attackerkb.com/topics/CVE-2020-12691
NVD-CVE-2020-12691
UBUNTU-USN-4480-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today