Описание
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| keystone | fixed | 2:28.0.0-2 | package |
Примечания
https://www.openwall.com/lists/oss-security/2025/11/04/2
https://bugs.launchpad.net/keystone/+bug/2119646
src:swift (Bug #1120057) and src:heat (Bug #1120059) require updates along for
compatibility with the OSSA-2025-002/keystone update.
Связанные уязвимости
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization.
OpenStack Keystone allows /v3/ec2tokens or /v3/s3tokens request with valid AWS Signature to provide Keystone authorization.