CVE-2020-12690

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

References

Affected packages

Git / github.com/openstack/keystone

Affected ranges

Type

GIT

Repo

https://github.com/openstack/keystone

Events

Introduced

Fixed

95b2bbeab113d9f04d1c81f7f1b48bf692bce979

Introduced

Last affected

dc9e9e32dfbf9fd9c58f9f8e2b35f0bcfd62328e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.0.0"
        }
    ]
}

Affected versions

10.*

10.0.0.0b1

10.0.0.0b2

10.0.0.0b3

10.0.0.0rc1

11.*

11.0.0

11.0.0.0b1

11.0.0.0b2

11.0.0.0b3

11.0.0.0rc1

12.*

12.0.0.0b1

12.0.0.0b2

12.0.0.0b3

12.0.0.0rc1

13.*

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

14.*

14.0.0.0b1

14.0.0.0b2

14.0.0.0rc1

15.*

15.0.0

15.0.0.0rc1

15.0.0.0rc2

16.*

16.0.0

16.0.0.0rc1

16.0.0.0rc2

2011.*

2011.3

2013.*

2013.2.b1

2013.2.b3

2013.2.rc1

2014.*

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2015.*

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

8.*

8.0.0.0b1

8.0.0.0b2

8.0.0.0b3

8.0.0.0rc1

8.0.0a0

9.*

9.0.0.0b1

9.0.0.0b2

9.0.0.0b3

9.0.0.0rc1

Other

essex-4

essex-rc1

folsom-1

folsom-2

folsom-rc1

grizzly-1

grizzly-2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12690.json"