OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

GHSA-HCQG-5G63-7J9H OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

Access Control Bypass

Overview swift is an OpenStack Object Storage Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

EUVD-2025-197772

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

Keystone 安全漏洞

Keystone is a powerful CMS open source for OpenStack. used to help you build and scale faster than any other Cms or application framework. A security vulnerability exists in Keystone versions prior to 26.0.1, 27.0.0, and 28.0.0 that stems from allowing requests with valid AWS signatures to provid...

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVE-2025-65073

OpenStack Keystone prior to 26.0.1, 27.0.0, or 28.0.0 is vulnerable to requests to /v3/ec2tokens or /v3/s3tokens bearing a valid AWS Signature that can authorize access. The issue (CVE-2025-65073) enables unauthorized access and potential privilege escalation. CVSS v3.1 base score 7.5 (Network, h...

Moderate: Red Hat Security Advisory: Release of containers for RHOSO 18.0.14

Red Hat OpenStack Services on OpenShift RHOSO 18.0.14 containers are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Ubuntu 24.04 LTS / 25.04 / 25.10 : OpenStack Keystone vulnerability (USN-7857-1)

The remote Ubuntu 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7857-1 advisory. Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to...

USN-7857-1: OpenStack Keystone vulnerability

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...

USN-7857-1 keystone vulnerability

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...

UBUNTU-CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

SUSE CVE-2025-59823

Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version 1.64.0, Azure providers prior to version 1.55.0, OpenStack providers prior to version 1.49.0, and GCP...

RHSA-2025:17500 Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-django) security update

Bulletin has no description...

RHSA-2025:17499 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update

Bulletin has no description...

RHSA-2025:17498 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update

Bulletin has no description...

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-django) security update

An update for python-django is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update

An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...