13 matches found
USN-7926-1: OpenStack Keystone vulnerabilities
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...
CVE-2025-65073
A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...
Access Control Bypass
Overview swift is an OpenStack Object Storage Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...
CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
USN-7857-1: OpenStack Keystone vulnerability
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...
UBUNTU-CVE-2025-65073
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...
EUVD-2012-0016
Malware in sbrugna...
OpenStack Keystone intended authorization restrictions bypass
OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...
Keystone: trust circumvention through EC2-style tokens
The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...
CVE-2012-5571
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...
CVE-2012-5571
OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...
Authorization
OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...
CVE-2012-5571 Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 Elastic Compute Cloud tokens when a user's role has been removed from a tenant. An attack...