Lucene search
K

800 matches found

Snyk
Snyk
added 2026/04/10 3:31 a.m.4 views

Incorrect Authorization

Overview keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Incorrect Authorization through the UserOSEC2CredentialsResourceListCreat...

6CVSS5.8AI score0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 3:31 a.m.3 views

GHSA-4PHW-6824-6CFP OpenStack Keystone: Restricted application credentials can create EC2 credentials

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.0022EPSS
Exploits1References6
NVD
NVD
added 2026/04/10 3:16 a.m.12 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS0.0022EPSS
Exploits1References3
PyPA
PyPA
added 2026/04/10 3:16 a.m.9 views

PYSEC-2026-202

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

5.3CVSS5.5AI score0.0022EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/10 12:0 a.m.29 views

CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS0.0022EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.10 views

PT-2026-31855

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0 Description A flaw exists in OpenStack Keystone where restricted application credentials can be used to create EC2 credentials. An authenticated user with a...

5.3CVSS5.8AI score0.0022EPSS
Exploits1References20
Github Security Blog
Github Security Blog
added 2026/04/01 11:27 p.m.6 views

PraisonAI Has SSRF in FileTools.download_file() via Unvalidated URL

Summary FileTools.downloadfile in praisonaiagents validates the destination path but performs no validation on the url parameter, passing it directly to httpx.stream with followredirects=True. An attacker who controls the URL can reach any host accessible from the server including cloud metadata...

8.6CVSS5.9AI score0.00405EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/25 11:16 a.m.11 views

UBUNTU-CVE-2026-23352

In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...

5.5CVSS5.5AI score0.00125EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/01/09 8:44 a.m.9 views

CVE-2022-23511

A privilege escalation issue exists within the Amazon CloudWatch Agent for Windows, software for collecting metrics and logs from Amazon EC2 instances and on-premises servers, in versions up to and including v1.247354. When users trigger a repair of the Agent, a pop-up window opens with SYSTEM...

7.1CVSS6.9AI score0.00482EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.4 views

aware (>=0.0.1 <=0.0.30), aws-manager (>=0.0.1 <=0.21.2) +5 more potentially affected by unknown CVE via aws-sdk-ec2 (>=0.0.22-alpha <=0.9.0)

aws-sdk-ec2 CARGO version =0.0.22-alpha, =0.0.1, =0.0.1, =0.0.0, =0.1.0, =0.4.0, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.4 views

aws-manager (>=0.0.18 <=0.21.2), ec2-search (>=0.14.0 <=0.14.1) potentially affected by unknown CVE via aws-sdk-autoscaling (>=0.18.0 <=0.9.0)

aws-sdk-autoscaling CARGO version =0.18.0, =0.0.18, =0.14.0, =0.14.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
Ubuntu
Ubuntu
added 2025/12/11 2:24 p.m.4 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.8AI score0.01319EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/11/26 7:18 p.m.5 views

CVE-2025-65073

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...

7.5CVSS6.3AI score0.00201EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/17 8:39 a.m.6 views

Access Control Bypass

Overview swift is an OpenStack Object Storage Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...

9.3CVSS6.8AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/17 12:0 a.m.9 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS0.00201EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/11/09 12:23 a.m.5 views

SUSE CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS6.4AI score0.00186EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/11/04 7:38 p.m.12 views

USN-7857-1: OpenStack Keystone vulnerability

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...

5.5AI score
Exploits0References1
OSV
OSV
added 2025/11/04 3:0 p.m.3 views

UBUNTU-CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS5.8AI score0.00201EPSS
Exploits0References6
OSV
OSV
added 2025/10/30 3:2 p.m.9 views

GO-2025-4028 go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness

go-witness is Vulnerable to Improper Verification of AWS EC2 Identity Documents in github.com/in-toto/go-witness...

6.9CVSS6.9AI score0.00186EPSS
Exploits0References3
NVD
NVD
added 2025/10/15 8:15 p.m.8 views

CVE-2025-62375

go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2 instance identity documents. Verification can incorrectly succeed when a signature is not present or is...

6.9CVSS0.00186EPSS
Exploits0References2
Rows per page
Query Builder