OpenStack Keystone EC2 Credential Project ID Mismatch Vulnerability

Vulnerability Overview This vulnerability involves the failure to enforce application credential project boundaries within the EC2 credential path. Specifically, the endpoint does not verify that the project ID provided by the caller matches the project ID associated with the authenticating application credential. This allows an attacker holding unrestricted application credentials to create EC2 credentials for Project A and subsequently use EC2 credentials for Project B, enabling lateral movement across projects. Impact Scope Affected Component: Affected Versions: Not explicitly specified, but involves the project Potential Risk: Attackers can leverage unrestricted application credentials to perform lateral movement across projects, potentially leading to data leakage or privilege escalation Remediation 1. Code Modification: - In the file, after extracting , check if equals . - The specific modification is as follows: 2. Test Cases: - Add corresponding test cases in the file to ensure that the patched code correctly validates the project ID. Proof of Concept (POC) No specific POC code was provided in the source; however, based on the description, an attacker can exploit this vulnerability through the following steps: 1. Possess unrestricted application credentials. 2. Create EC2 credentials for Project A. 3. Use EC2 credentials for Project B for subsequent operations. Summary This vulnerability allows attackers to perform lateral movement across projects by failing to validate the project ID. The remediation involves adding project ID validation in the code and ensuring the effectiveness of the fix through test cases.

Goal Reached Thanks to every supporter — we hit 100%!

OpenStack Keystone EC2 Credential Project ID Mismatch Vulnerability