CRITICAL🇵🇱 Wersja polska

CVE-2026-22797

CVSS 9.9v3.1pub. 2026-01-19upd. 2026-06-30

An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.

🤖 AI Analysis
How it works

The external_oauth2_token middleware responsible for processing OAuth 2.0 tokens does not sanitize incoming HTTP headers before processing them (CWE-290 — Authentication Bypass by Spoofing). An attacker can submit crafted headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, which are then accepted and processed by the middleware stack as trusted identity values. As a result, the system grants the attacker privileges resulting from the fake headers rather than from the user's actual identity.

Impact

An authenticated attacker can escalate their privileges (privilege escalation), including gaining administrative rights, or impersonate any other user in the OpenStack environment, leading to complete breach of confidentiality and integrity of cloud resources.

Mitigation & patch

OpenStack keystonemiddleware should be updated to version 10.7.2, 10.9.1, or 10.12.1 depending on the branch in use. As a temporary workaround, consider disabling or blocking the use of the external_oauth2_token middleware until the patch is deployed. Details available at: https://launchpad.net/bugs/2129018

Who is affected

OpenStack keystonemiddleware in versions: 10.5 – 10.7 (before 10.7.2), 10.8 – 10.9 (before 10.9.1), and 10.10 – 10.12 (before 10.12.1). Affects only deployments using the external_oauth2_token middleware.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References