CVE-2020-12690

HIGH

OpenStack Keystone <16.0.0 - Privilege Escalation

Title source: llm

Description

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The list of roles provided for an OAuth1 access token is silently ignored. Thus, when an access token is used to request a keystone token, the keystone token contains every role assignment the creator had for the project. This results in the provided keystone token having more role assignments than the creator intended, possibly giving unintended escalated access.

References (7)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2020/05/07/3

[Patch, Third Party Advisory] https://bugs.launchpad.net/keystone/+bug/1873290

[Vendor Advisory] https://security.openstack.org/ossa/OSSA-2020-005.html

[Vendor Advisory] https://usn.ubuntu.com/4480-1/

[Mailing List, Third Party Advisory] https://www.openwall.com/lists/oss-security/2020/05/06/6

[Mailing List] https://lists.apache.org/thread.html/re237267da268c690df5e1c6ea6a38a7fc11617725e8049490f58a6fa%40%3Ccommits.druid.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2%40%3Ccommits.druid.apache.org%3E

Scores

CVSS v3 8.8

EPSS 0.0082

EPSS Percentile 74.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-613

Status published

Affected Products (3)

openstack/keystone < 15.0.1

openstack/keystone

pypi/keystone < 15.0.1PyPI

Timeline

Published May 07, 2020

Tracked Since Feb 18, 2026