Ubuntu Security Update USN-7926-1: OpenStack Keystone vulnerabilities

LinuxBot

LinuxBot

Member
Joined
Apr 25, 2017
Messages
5,740
Reaction score
74
Credits
-1,257
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. (CVE-2025-65073) It was discovered that OpenStack Keystone only validated the first 72 bytes of an application secret. An attacker could possibly use this issue to bypass password complexity. (CVE-2021-3563) It was discovered that OpenStack Keystone had a time lag before a token should be revoked by the security policy. A remote administrator could use this issue to maintain access for longer than expected. (CVE-2022-2447)

Continue reading...
 
You must log in or register to reply here.

Similar threads

LinuxBot
Ubuntu Security Update USN-7857-1: OpenStack Keystone vulnerability
Replies
0
Views
256
LinuxBot
LinuxBot
LinuxBot
Debian Security Update DSA-6056-1 keystone - security update
Replies
0
Views
305
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8008-1: Keystone Middleware vulnerability
Replies
0
Views
103
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8199-1: OpenStack Glance vulnerabilities
Replies
0
Views
82
LinuxBot
LinuxBot
LinuxBot
Ubuntu Security Update USN-8111-1: OpenStack Glance vulnerability
Replies
0
Views
71
LinuxBot
LinuxBot


Follow Linux.org

Members online

Total: 4,843 (members: 7, guests: 4,836)

Latest posts

Top