oss-sec mailing list archives
Re: [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING)
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 16 Nov 2025 21:05:22 +0100
Hi,

On Tue, Nov 04, 2025 at 03:01:12PM +0000, Jeremy Stanley wrote:
=========================================================================
OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant
Keystone authorization
=========================================================================
[...]
Notes
~~~~~
[...]
- MITRE CVE Request 1930434 has been awaiting assignment since 2025-09-24, but once completed will result in an errata revision to this advisory reflecting the correct CVE ID. If any other CNA has assigned a CVE themselves in the meantime, please reject it so that we don't end up with duplicates.
Have you ever heard back since then for a CVE assignment? I guess it fell through the cracks?

Regards,
Salvatore
Current thread:
- [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Jeremy Stanley (Nov 04)
- Re: [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Demi Marie Obenour (Nov 04)
- Re: [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE PENDING) Salvatore Bonaccorso (Nov 16)
- [OSSA-2025-002] OpenStack Keystone: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) Jeremy Stanley (Nov 17)
