MITRE has assigned CVE-2025-65073 to this vulnerability. OSSA-2025-002 Errata 1 will be issued shortly.
** Summary changed: - presigned S3 URLs can be used to obtain a full access to the keystone account + [OSSA-2025-002] Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) ** CVE added: https://cve.org/CVERecord?id=CVE-2025-65073 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2119646 Title: [OSSA-2025-002] Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization (CVE-2025-65073) To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/2119646/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
