CVE-2026-43001
Summary
| CVE | CVE-2026-43001 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-05-01 09:16:17 UTC |
| Updated | 2026-05-01 09:16:17 UTC |
| Description | An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the authenticating application credential. This allowed an attacker holding an unrestricted application credential for project A to create an EC2 credential targeting project B; a subsequent /v3/ec2tokens exchange would then issue a Keystone token scoped to project B while still carrying the original app_cred_id, enabling cross-project lateral movement within the credential owner's role footprint. |
Risk And Classification
Primary CVSS: v3.1 7.9 HIGH from [email protected]
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L
Problem Types: CWE-863 Incorrect Authorization
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 7.9 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L |
| 3.1 | CNA | CVSS | 7.9 | HIGH | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | Low |
| Vector String | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| review.opendev.org/c/openstack/keystone/+/985804 | [email protected] | review.opendev.org | |
| bugs.launchpad.net/keystone/+bug/2149775 | [email protected] | bugs.launchpad.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.