OSSA-2025-002 Errata 1
CVE-2025-65073 has been assigned. Also incorporate unmaintained branch changes which appeared after publication, and a clarification to the description which was previously discussed on the oss-security mailing list:

https://www.openwall.com/lists/oss-security/2025/11/05/13

Change-Id: I19991a47adb395f62b207fbc2ff69769e839e986
Signed-off-by: Jeremy Stanley <fungi@yuggoth.org>
Related-Bug: #2119646
@@ -8,22 +8,31 @@ description: >
|
||||
kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By
|
||||
sending those endpoints a valid AWS Signature (e.g., from a presigned S3
|
||||
URL), an unauthenticated attacker may obtain Keystone authorization
|
||||
for the user associated with the signature
|
||||
(ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted
|
||||
by some services), resulting in unauthorized access and privilege escalation.
|
||||
Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by
|
||||
unauthenticated clients (e.g., exposed on a public API) are affected.
|
||||
|
||||
errata: >
|
||||
CVE-2025-65073 was assigned by MITRE after publication based on a request
|
||||
submitted 2025-09-24 (months prior); if any other CNA has assigned a CVE
|
||||
themselves in the meantime, please reject it so that we don't end up with
|
||||
duplicates. Further, the description has been extended to clarify token
|
||||
ownership. Backported fixes for the unmaintained/2024.1 branches are now
|
||||
included.
|
||||
|
||||
affected-products:
|
||||
- product: Keystone
|
||||
version: '<26.0.1, ==27.0.0, ==28.0.0'
|
||||
|
||||
vulnerabilities:
|
||||
- cve-id: PENDING
|
||||
- cve-id: CVE-2025-65073
|
||||
|
||||
reporters:
|
||||
- name: kay
|
||||
reported:
|
||||
- PENDING
|
||||
- CVE-2025-65073
|
||||
|
||||
issues:
|
||||
links:
|
||||
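Review bot: In the errata block, "the description has been extended to clarify token ownership" does not say what was clarified; quote the wording in question ("for the user associated with the signature") there, so that someone reading only the errata can tell the authorization obtained is that of the signature's owner. The parenthetical "(months prior)" after the 2025-09-24 request date is commentary and could be dropped from the advisory record.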
@@ -42,6 +51,9 @@ reviews:
|
||||
2024.2/dalmatian(keystone):
|
||||
- https://review.opendev.org/966073
|
||||
|
||||
2024.1/caracal(keystone):
|
||||
- https://review.opendev.org/966871
|
||||
|
||||
2026.1/gazpacho(swift):
|
||||
- https://review.opendev.org/966062
|
||||
|
||||
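Review bot: The key 2024.1/caracal(keystone) does not show that this branch is unmaintained, while the errata text and the notes both call it unmaintained/2024.1. Consider naming the key to match, or confirm that the notes entry about no new point releases is enough for a reader who looks only at the reviews list.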
@@ -54,12 +66,16 @@ reviews:
|
||||
2024.2/dalmatian(swift):
|
||||
- https://review.opendev.org/966067
|
||||
|
||||
2024.1/caracal(swift):
|
||||
- https://review.opendev.org/966068
|
||||
|
||||
notes:
|
||||
- While the indicated Keystone patches are sufficient to mitigate this
|
||||
vulnerability, corresponding changes for Swift are included which keep its
|
||||
optional S3-like API working.
|
||||
- MITRE CVE Request 1930434 has been awaiting assignment since 2025-09-24,
|
||||
but once completed will result in an errata revision to this advisory
|
||||
reflecting the correct CVE ID. If any other CNA has assigned a CVE
|
||||
themselves in the meantime, please reject it so that we don't end up with
|
||||
duplicates.
|
||||
- The unmaintained/2024.1 branches will receive no new point releases, but
|
||||
patches for them are provided as a courtesy.
|
||||
|
||||
errata_history:
|
||||
- 2025-11-17 - Errata 1
|
||||
- 2025-11-04 - Original Version
|
||||
|
||||
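Review bot: The notes entry beginning "MITRE CVE Request 1930434 has been awaiting assignment since 2025-09-24" should not survive this revision, since cve-id now carries CVE-2025-65073 and the errata block already repeats the request that other CNAs reject duplicates. Check that the entry is removed rather than left beside the new unmaintained/2024.1 note, and that the 2024.1/caracal(swift) key follows whatever naming is chosen for the Keystone one.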