Vulnerability Name:

CVE-2020-12692 (CCN-181612)

Assigned:2020-05-07
Published:2020-05-07
Updated:2022-04-27
Summary:An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
CVSS v3 Severity:5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): High
Availability (A): None
CVSS v2 Severity:5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
6.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Complete
Availability (A): None
Vulnerability Type:CWE-347
CWE-294
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-12692

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20200507 Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)

Source: MISC
Type: Third Party Advisory
https://bugs.launchpad.net/keystone/+bug/1872737

Source: XF
Type: UNKNOWN
openstack-cve202012692-sec-bypass(181612)

Source: CCN
Type: oss-sec Mailing List, Thu, 7 May 2020 15:59:49 -0500
Re: [OSSA-2020-003] Keystone: Keystone does not check signature TTL of the EC2 credential auth method (CVE PENDING)

Source: CONFIRM
Type: Vendor Advisory
https://security.openstack.org/ossa/OSSA-2020-003.html

Source: UBUNTU
Type: Third Party Advisory
USN-4480-1

Source: CCN
Type: IBM Security Bulletin 6323241 (Spectrum Scale)
Openstack Keystone vulnerabilities affects IBM Spectrum Scale (CVE-2020-12689)

Source: CCN
Type: OpenStack Web site
OpenStack Keystone

Source: MISC
Type: Mailing List, Third Party Advisory
https://www.openwall.com/lists/oss-security/2020/05/06/4

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:keystone:*:*:*:*:*:*:*:* (Version < 15.0.1)
  • OR cpe:/a:openstack:keystone:16.0.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

Configuration CCN 1:
  • cpe:/a:openstack:keystone:15.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_scale:5.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    openstack keystone *
    openstack keystone 16.0.0
    canonical ubuntu linux 18.04
    openstack keystone 15.0.0
    ibm spectrum scale 5.0.0