CVE-2020-12691

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. Any authenticated user can create an EC2 credential for themselves for a project that they have a specified role on, and then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.

References

Affected packages

Git / github.com/openstack/keystone

Affected ranges

Type

GIT

Repo

https://github.com/openstack/keystone

Events

Introduced

Fixed

95b2bbeab113d9f04d1c81f7f1b48bf692bce979

Introduced

Last affected

dc9e9e32dfbf9fd9c58f9f8e2b35f0bcfd62328e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "15.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.0.0"
        }
    ]
}

Affected versions

10.*

10.0.0

10.0.0.0b1

10.0.0.0b2

10.0.0.0b3

10.0.0.0rc1

10.0.0.0rc2

10.0.0.0rc3

10.0.1

10.0.2

10.0.3

11.*

11.0.0

11.0.0.0b1

11.0.0.0b2

11.0.0.0b3

11.0.0.0rc1

11.0.1

11.0.2

11.0.3

11.0.4

12.*

12.0.0

12.0.0.0b1

12.0.0.0b2

12.0.0.0b3

12.0.0.0rc1

12.0.0.0rc2

12.0.1

12.0.2

12.0.3

13.*

13.0.0

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

13.0.0.0rc2

13.0.1

13.0.2

13.0.3

13.0.4

14.*

14.0.0

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

14.0.0.0rc2

14.0.1

14.1.0

14.2.0

15.*

15.0.0

15.0.0.0rc1

15.0.0.0rc2

16.*

16.0.0

16.0.0.0rc1

16.0.0.0rc2

17.*

17.0.0

17.0.0.0rc1

17.0.0.0rc2

17.0.1

18.*

18.0.0

18.0.0.0rc1

18.1.0

19.*

19.0.0

19.0.0.0rc1

19.0.0.0rc2

19.0.1

20.*

20.0.0

20.0.0.0rc1

20.0.1

2011.*

2011.3

2011.3.1

2012.*

2012.1

2012.1.1

2012.1.2

2012.1.3

2012.2

2012.2.1

2012.2.3

2012.2.4

2013.*

2013.1

2013.1.1

2013.1.2

2013.1.3

2013.1.4

2013.1.5

2013.1.g3

2013.1.rc1

2013.1.rc2

2013.1.rc3

2013.2

2013.2.1

2013.2.2

2013.2.3

2013.2.4

2013.2.b1

2013.2.b2

2013.2.b3

2013.2.rc1

2013.2.rc2

2013.2.rc3

2013.2.rc4

2014.*

2014.1

2014.1.1

2014.1.2

2014.1.2.1

2014.1.3

2014.1.4

2014.1.5

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.1.rc2

2014.2

2014.2.1

2014.2.2

2014.2.3

2014.2.4

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2014.2.rc2

2015.*

2015.1.0

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

2015.1.0rc2

2015.1.1

2015.1.2

2015.1.3

2015.1.4

2023.*

2023.1-eom

2023.2-eol

2024.*

2024.1-eom

21.*

21.0.0

21.0.0.0rc1

21.0.1

22.*

22.0.0

22.0.0.0rc1

22.0.1

22.0.2

23.*

23.0.0

23.0.0.0rc1

23.0.1

23.0.2

24.*

24.0.0

24.0.0.0rc1

24.1.0

25.*

25.0.0

25.0.0.0rc1

26.*

26.0.0

26.0.0.0rc1

26.1.0

27.*

27.0.0

27.0.0.0rc1

28.*

28.0.0

28.0.0.0rc1

29.*

29.0.0

29.0.0.0rc1

8.*

8.0.0

8.0.0.0b1

8.0.0.0b2

8.0.0.0b3

8.0.0.0rc1

8.0.0.0rc2

8.0.0a0

8.0.1

8.1.0

8.1.2

9.*

9.0.0

9.0.0.0b1

9.0.0.0b2

9.0.0.0b3

9.0.0.0rc1

9.0.0.0rc2

9.0.0.0rc3

9.0.1

9.0.2

9.1.0

9.2.0

9.3.0

Other

diablo-eol

essex-1

essex-2

essex-3

essex-4

essex-eol

essex-rc1

essex-rc2

folsom-1

folsom-2

folsom-3

folsom-eol

folsom-rc1

folsom-rc2

grizzly-1

grizzly-2

grizzly-eol

havana-eol

icehouse-eol

juno-eol

kilo-eol

liberty-eol

mitaka-eol

newton-eol

ocata-em

ocata-eol

pike-em

pike-eol

queens-em

queens-eol

rocky-em

rocky-eol

ussuri-em

ussuri-eol

victoria-em

victoria-eol

victoria-eom

wallaby-em

wallaby-eol

wallaby-eom

xena-em

xena-eol

xena-eom

yoga-eom

zed-eom

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-12691.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    }
]