CVE-2026-33551

N/A

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role may obtain an EC2/S3 credential that carries the full set of the parent user's S3 permissions, effectively bypassing the role restrictions imposed on the application credential. Only deployments that use restricted application credentials in combination with the EC2/S3 compatibility API (swift3 / s3api) are affected.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

授权机制不正确

OpenStack Keystone 安全漏洞

OpenStack Keystone是OpenStack开源的一个核心认证组件库。 OpenStack Keystone 26.1.1之前版本、27.0.0版本、28.0.0版本和29.0.0版本存在安全漏洞，该漏洞源于受限应用程序凭据可以创建EC2凭据，可能导致经过身份验证的仅具有读取者角色的用户获得具有父用户完整S3权限的EC2/S3凭据，从而绕过应用程序凭据的角色限制。

N/A

N/A