vulnerability

Ubuntu: USN-4480-1 (CVE-2020-12691): OpenStack Keystone vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	May 7, 2020	Sep 2, 2020	Mar 27, 2026

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

May 7, 2020

Added

Sep 2, 2020

Modified

Mar 27, 2026

Description

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

Solutions

ubuntu-upgrade-keystoneubuntu-upgrade-python-keystone

References

CVE-2020-12691
https://attackerkb.com/topics/CVE-2020-12691
CWE-863
EUVD-EUVD-2020-0097
NVD-CVE-2020-12691
UBUNTU-USN-4480-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-0097

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report