13 matches found

Ubuntu
added 2025/12/11 2:24 p.m. | 4 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. (CVE-2025-65073) It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

CVSS 7.5 | AI score 6.8 | EPSS 0.01319
Exploits: 2
RedhatCVE
added 2025/11/26 7:18 p.m. | 5 views

CVE-2025-65073

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS (Amazon Web Services) signature to the /v3/ec2tokens ...

CVSS 7.5 | AI score 6.3 | EPSS 0.00196
Exploits: 0 | References: 4
Snyk
added 2025/11/17 8:39 a.m. | 6 views

Access Control Bypass

Overview: swift is an OpenStack Object Storage. Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...

CVSS 9.3 | AI score 6.8 | EPSS 0.00196
Exploits: 0 | References: 2
Cvelist
added 2025/11/17 12:0 a.m. | 8 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVSS 7.5 | EPSS 0.00196
Exploits: 0 | References: 1
Ubuntu
added 2025/11/04 7:38 p.m. | 11 views

USN-7857-1: OpenStack Keystone vulnerability

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...

AI score 5.5
Exploits: 0 | References: 1
OSV
added 2025/11/04 3:0 p.m. | 3 views

UBUNTU-CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

CVSS 7.5 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2012-0016

Malware in sbrugna...

CVSS 3.5 | AI score 6 | EPSS 0.02038
Exploits: 0 | References: 20
Github Security Blog
added 2022/05/17 1:39 a.m. | 22 views

OpenStack Keystone intended authorization restrictions bypass

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

CVSS 5.4 | AI score 6.4 | EPSS 0.02038
Exploits: 0 | References: 15 | Affected Software: 1
RedHat Linux
added 2014/04/03 8:18 p.m. | 3 views

Keystone: trust circumvention through EC2-style tokens

The ec2tokens API in OpenStack Identity Keystone before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2toke...

CVSS 5.8 | AI score 5.9 | EPSS 0.02239
Exploits: 2 | References: 4
NVD
added 2012/12/18 1:55 a.m. | 19 views

CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 | AI score 6.1 | EPSS 0.02038
Exploits: 0 | References: 15
OSV
added 2012/12/18 1:55 a.m. | 7 views

CVE-2012-5571

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

AI score 6.1
Exploits: 0 | References: 14
Prion
added 2012/12/18 1:55 a.m. | 14 views

Authorization

OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...

CVSS 3.5 | AI score 6.6 | EPSS 0.02038
Exploits: 0 | References: 14 | Affected Software: 2
Cvelist
added 2012/12/18 1:0 a.m. | 36 views

CVE-2012-5571 Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attack...

CVSS 5.4 | AI score 6 | EPSS 0.02038
Exploits: 0 | References: 15