Add OSSA-2020-004 (CVEs Pending)
Change-Id: Ide28e91b184edab45d22c47661ad6bb6003dd244
Closes-Bug: #1872735
Closes-Bug: #1872733
parent e956315884
commit 2548f46b0a
@ -0,0 +1,58 @@
date: 2020-05-06
id: OSSA-2020-004
title: Keystone credential endpoints allow owner modification and are not protected from a scoped context
description: >
kay reported two vulnerabilities in keystone's EC2 credentials API.
Any authenticated user could create an EC2 credential for themselves
for a project that they have a specified role on, then perform an update
to the credential user and project, allowing them to masquerade as
another user. (CVE #1 PENDING)

Any authenticated user within a limited scope
(trust/oauth/application credential) can create an EC2 credential with
an escalated permission, such as obtaining admin while the user is on
a limited viewer role. (CVE #2 PENDING)

Both of these vulnerabilities potentially allow a malicious user to
act as admin on a project that another user has the admin role on,
which can effectively grant the malicious user global admin privileges.

affected-products:
- product: keystone
version: '<15.0.1, ==16.0.0'

vulnerabilities:
- cve-id: Pending

reporters:
- name: kay
reported:
- CVE Pending

issues:
links:
- https://launchpad.net/bugs/1872733
- https://launchpad.net/bugs/1872735

reviews:
victoria:
- https://review.opendev.org/725886

ussuri:
- https://review.opendev.org/725888

train:
- https://review.opendev.org/725891

stein:
- https://review.opendev.org/725893

rocky:
- https://review.opendev.org/725895

notes:
- The stable/rocky branch is under extended maintenance and will receive no
new point releases, but a patch for it is provided as a courtesy.
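Review bot: the `vulnerabilities:` list carries a single `- cve-id: Pending` entry, but the `description:` block enumerates two distinct issues (CVE #1 and CVE #2) and `issues: links:` lists two Launchpad bugs (1872733 and 1872735); add a second placeholder entry now, one per bug, and mirror that in the `reported:` list under `reporters:`, so the CVE ids can be filled in against the right bug once assigned without restructuring the advisory. The `version: '<15.0.1, ==16.0.0'` range is correctly quoted so the leading `<` is not parsed as YAML syntax; the `notes:` entry about stable/rocky being under extended maintenance is useful context and worth keeping alongside the rocky review link.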