Lucene search
K

9 matches found

Ubuntu
Ubuntu
added 2025/12/11 2:24 p.m.4 views

USN-7926-1: OpenStack Keystone vulnerabilities

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. CVE-2025-65073 It was discovered that OpenStack Keystone only validated the first 72 bytes of an...

7.5CVSS6.8AI score0.01319EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/11/26 7:18 p.m.5 views

CVE-2025-65073

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...

7.5CVSS6.3AI score0.00201EPSS
Exploits0References4
Snyk
Snyk
added 2025/11/17 8:39 a.m.6 views

Access Control Bypass

Overview swift is an OpenStack Object Storage Affected versions of this package are vulnerable to Access Control Bypass via the ec2tokens or s3tokens process when a request with a valid AWS Signature is accepted for authorization. An attacker can gain unauthorized access by submitting specially...

9.3CVSS6.8AI score0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/17 12:0 a.m.9 views

CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS0.00201EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/11/04 7:38 p.m.12 views

USN-7857-1: OpenStack Keystone vulnerability

Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges...

5.5AI score
Exploits0References1
OSV
OSV
added 2025/11/04 3:0 p.m.5 views

UBUNTU-CVE-2025-65073

OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization...

7.5CVSS5.8AI score0.00201EPSS
Exploits0References6
OSV
OSV
added 2021/11/23 5:56 p.m.42 views

GHSA-5993-WWPG-M92C Apache Ozone user impersonation due to non-validation of Ozone S3 tokens

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.8CVSS8.7AI score0.02483EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2021/11/23 5:56 p.m.38 views

Apache Ozone user impersonation due to non-validation of Ozone S3 tokens

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.8CVSS8.4AI score0.02483EPSS
Exploits1References8Affected Software1
Cvelist
Cvelist
added 2021/11/19 9:20 a.m.26 views

CVE-2021-39236 Owners of the S3 tokens are not validated

In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user...

8.9AI score0.02483EPSS
Exploits1References3
Rows per page
Query Builder