Ubuntu Security Update USN-4480-1: OpenStack Keystone vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,906
Reaction score
75
Credits
-1,257
It was discovered that OpenStack Keystone incorrectly handled EC2 credentials. An authenticated attacker with a limited scope could possibly create EC2 credentials with escalated permissions. (CVE-2020-12689, CVE-2020-12691) It was discovered that OpenStack Keystone incorrectly handled the list of roles provided with OAuth1 access tokens. An authenticated user could possibly end up with more role assignments than intended. (CVE-2020-12690) It was discovered that OpenStack Keystone incorrectly handled EC2 signature TTL checks. A remote attacker could possibly use this issue to reuse Authorization headers. (CVE-2020-12692)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-7926-1: OpenStack Keystone vulnerabilities
Replies
0
Views
182
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-7857-1: OpenStack Keystone vulnerability
Replies
0
Views
260
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8008-1: Keystone Middleware vulnerability
Replies
0
Views
109
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8199-1: OpenStack Glance vulnerabilities
Replies
0
Views
86
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8227-1: curl vulnerabilities
Replies
0
Views
125
LinuxBot
LinuxBot


Follow Linux.org

Members online

No members online now.
Total: 2,496 (members: 0, guests: 2,496)

Latest posts

Top