{"id":"PYSEC-2020-53","details":"An issue was discovered in OpenStack Keystone before 15.0.1, and in 16.0.0. Any user authenticated within a limited scope (trust/oauth/application credential) can create an EC2 credential with an escalated permission, such as obtaining admin while the user is on a limited viewer role. This potentially allows a malicious user to act as the admin on a project another user has the admin role on, which can effectively grant that user global admin privileges.","aliases":["CVE-2020-12689","GHSA-chgw-36xv-47cw"],"modified":"2024-04-29T10:41:28.903393Z","published":"2020-05-07T00:15:00Z","references":[{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2020/05/06/5"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1872735"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2020/05/07/2"},{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2020-004.html"},{"type":"WEB","url":"https://lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E"},{"type":"WEB","url":"https://usn.ubuntu.com/4480-1/"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.0.1"}]}],"versions":["12.0.2","12.0.3","13.0.2","13.0.3","13.0.4","14.0.0","14.0.1","14.1.0","14.2.0","15.0.0.0rc1","15.0.0.0rc2","15.0.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2020-53.yaml"}}],"schema_version":"1.7.3"}