Debian: DSA-4679-1 Moderate: Keystone EC2 Credential Escalation
debian
May 6, 2020
A vulnerability was found in the EC2 credentials API of Keystone, the OpenStack identity service: Any user authenticated within a limited scope (trust/oauth/application credential)...
Summary
A vulnerability was found in the EC2 credentials API of Keystone, the
OpenStack identity service: Any user authenticated within a limited
scope (trust/oauth/application credential) could create an EC2 credential
with an escalated permission, such as obtaining "admin" while
the user is on a limited "viewer" role.
For the stable distribution (buster), this problem has been fixed in
version 2:14.2.0-0+deb10u1.
We recommend that you upgrade your keystone packages.
For the detailed security status of keystone please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/keystone
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
PREVIOUS
NEXT
Package: keystone
CVE ID: not yet available
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!