Comment 22 for bug 1872733

Gage Hugo (gagehugo) wrote : Re: Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID

First draft below, please review:

Assuming that this affects all currently maintained releases of keystone.

Title: Credentials endpoint policy logic allows changing credential owner and target project ID
Reporter: kay
Products: Keystone
Affects: <15.0.1, ==16.0.0

Description:
kay reported a vulnerability in Keystone's EC2 credentials API. Any authenticated user could create an EC2 credential for themselves for a project that they have a specified role on, then perform an update to the credential user and project, allowing them to masquerade as another user. This potentially allows the malicious user to act as the admin on a project another user has the admin role on.