Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN766
_____________________________________________________________________

DATE                : 05/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Keystone versions 27.0.0, 28.0.0,
                              and those prior to 26.0.1.

=====================================================================
https://security.openstack.org/ossa/OSSA-2025-002.html
_____________________________________________________________________


OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can
grant Keystone authorization

Date:

    November 04, 2025
CVE:

    PENDING

Affects

    Keystone: <26.0.1, ==27.0.0, ==28.0.0

Description

kay reported a vulnerability in Keystone’s ec2tokens and s3tokens
APIs. By sending those endpoints a valid AWS Signature (e.g., from
a presigned S3 URL), an unauthenticated attacker may obtain
Keystone authorization (ec2tokens can yield a fully scoped token;
s3tokens can reveal scope accepted by some services), resulting
in unauthorized access and privilege escalation. Deployments
where /v3/ec2tokens or /v3/s3tokens are reachable by
unauthenticated clients (e.g., exposed on a public API) are
affected.


Patches

    https://review.opendev.org/966073 (2024.2/dalmatian(keystone))

    https://review.opendev.org/966067 (2024.2/dalmatian(swift))

    https://review.opendev.org/966071 (2025.1/epoxy(keystone))

    https://review.opendev.org/966064 (2025.1/epoxy(swift))

    https://review.opendev.org/966070 (2025.2/flamingo(keystone))

    https://review.opendev.org/966063 (2025.2/flamingo(swift))

    https://review.opendev.org/966069 (2026.1/gazpacho(keystone))

    https://review.opendev.org/966062 (2026.1/gazpacho(swift))


Credits

    kay (PENDING)


References

    https://launchpad.net/bugs/2119646

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=PENDING


Notes

    While the indicated Keystone patches are sufficient to mitigate
this vulnerability, corresponding changes for Swift are included
which keep its optional S3-like API working.

    MITRE CVE Request 1930434 has been awaiting assignment since
2025-09-24, but once completed will result in an errata revision
to this advisory reflecting the correct CVE ID. If any other CNA
has assigned a CVE themselves in the meantime, please reject it
so that we don’t end up with duplicates.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================