8 matches found
RHEL 9 : Red Hat OpenStack Services on OpenShift 18.0 (openstack-keystone) (RHSA-2026:1958)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1958 advisory. Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. Security Fixes: OpenStack Keystone: Unauthorized...
Ubuntu: Security Advisory (USN-7926-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 22.04 LTS : OpenStack Keystone vulnerabilities (USN-7926-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7926-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2025-65073 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2025-65073 Source advisory: OSV:GHSA-HCQG-5G63-7J9H...
a10-octavia (>=1.0.0 <=2.2.0) potentially affected by CVE-2025-65073 via keystone (>=15.0.1 <=18.0.0)
keystone PYPI version =15.0.1, =1.0.0, =2.2.0 Source cves: CVE-2025-65073 Source advisory: SNYK:PYTHON-KEYSTONE-14038400...
DEBIAN-CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
CVE-2025-65073
OpenStack Keystone prior to 26.0.1, 27.0.0, or 28.0.0 is vulnerable to requests to /v3/ec2tokens or /v3/s3tokens bearing a valid AWS Signature that can authorize access. The issue (CVE-2025-65073) enables unauthorized access and potential privilege escalation. CVSS v3.1 base score 7.5 (Network, h...
CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...