← Back

CVE-2026-43001

nvd nist
Published: May 1, 2026Modified: Jun 2, 2026

JSON object

Loading...
8.0
Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Exploitability: 1.3 / Impact: 6.0
Source: NVD

Description

An issue was discovered in OpenStack Keystone before 29.0.2. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint.

Affected (3)

Products: Openstack: Keystone
Openstack
1 product
Keystone
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Openstack
Keystone
From 14.0.0 to 27.0.2
Keystone
From 28.0.0 to 28.0.2
Keystone
From 29.0.0 to 29.0.2

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (3)

Source: cve@mitre.org
ExploitIssue TrackingThird Party AdvisoryPatch
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Vendor AdvisoryPatch

Timeline

No history available yet.