Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
77a9709e by Salvatore Bonaccorso at 2025-11-17T13:17:35+01:00
CVE allocated for keystone issue (OSSA-2025-002)

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,5 @@
 CVE-2025-9501 (The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable 
to com ...)
        NOT-FOR-US: WordPress plugin
-CVE-2025-65073 (OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a 
/v3/ec2t ...)
-       TODO: check
 CVE-2025-60022 (Improper certificate validation vulnerability exists in 
'\u30c7\u30b8\ ...)
        TODO: check
 CVE-2025-13284 (ThinPLUS developed by ThinPLUS has an OS Command Injection 
vulnerabili ...)
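Review bot: the commit message mentions only the CVE allocation, but this hunk at the top of data/CVE/list deletes the CVE-2025-65073 record that carries only "TODO: check". Say in the message that this record is being folded into the existing OSSA-2025-002 entry, so the deletion does not read as a dropped CVE when the hunk is viewed on its own.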
@@ -3737,11 +3735,8 @@ CVE-2025-11690 (An Insecure Direct Object Reference 
(IDOR) vulnerability exists
        NOT-FOR-US: CFMOTO RIDE
 CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting 
vulnerability  ...)
        NOT-FOR-US: Salesforce
-CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints 
can grant Keystone authorization]
+CVE-2025-65073 [OSSA-2025-002: Unauthenticated access to EC2/S3 token 
endpoints can grant Keystone authorization]
        - keystone 2:28.0.0-2 (bug #1120053)
-       [trixie] - keystone 2:27.0.0-3+deb13u1
-       [bookworm] - keystone 2:22.0.2-0+deb12u1
-       [bullseye] - keystone 2:18.1.0-1+deb11u2
        NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
        NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
        NOTE: src:swift (Bug #1120057) and src:heat (Bug #1120059) require 
updates along for
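Review bot: the [trixie], [bookworm] and [bullseye] lines removed under the renamed entry leave the fixed versions for those releases recorded only through the {CVE-2025-65073} references added to DSA-6056-1 and DLA-4367-1 in the other two files. The versions listed there match the removed lines (2:27.0.0-3+deb13u1, 2:22.0.2-0+deb12u1, 2:18.1.0-1+deb11u2), so nothing is lost, but the three file changes depend on each other and the commit message should state that.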


=====================================
data/DLA/list
=====================================
@@ -14,6 +14,7 @@
        {CVE-2025-5914 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918}
        [bullseye] - libarchive 3.4.3-2+deb11u3
 [07 Nov 2025] DLA-4367-1 keystone - security update
+       {CVE-2025-65073}
        [bullseye] - keystone 2:18.1.0-1+deb11u2
 [07 Nov 2025] DLA-4366-1 swift - security update
        [bullseye] - swift 2.26.0-10+deb11u2
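Review bot: DLA-4366-1 swift, the context entry directly after the changed keystone entry, has no CVE reference line, while the NOTE in data/CVE/list says src:swift (Bug #1120057) requires an update alongside keystone. If that swift upload is the companion fix for OSSA-2025-002, consider whether it needs a cross-reference as well; if it is left unlinked on purpose, a short remark in the commit message would settle the question.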


=====================================
data/DSA/list
=====================================
@@ -10,6 +10,7 @@
        {CVE-2025-64507}
        [bookworm] - lxd 5.0.2-5+deb12u2
 [13 Nov 2025] DSA-6056-1 keystone - security update
+       {CVE-2025-65073}
        [bookworm] - keystone 2:22.0.2-0+deb12u1
        [trixie] - keystone 2:27.0.0-3+deb13u1
 [13 Nov 2025] DSA-6055-1 chromium - security update



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77a9709ed68d54d849a2a0c4f76d4a89a3d0d257
