[Git][security-tracker-team/security-tracker][master] CVE allocated for keystone issue (OSSA-2025-002)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 17 12:17:49 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
77a9709e by Salvatore Bonaccorso at 2025-11-17T13:17:35+01:00
CVE allocated for keystone issue (OSSA-2025-002)
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,7 +1,5 @@
CVE-2025-9501 (The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to com ...)
NOT-FOR-US: WordPress plugin
-CVE-2025-65073 (OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2t ...)
- TODO: check
CVE-2025-60022 (Improper certificate validation vulnerability exists in '\u30c7\u30b8\ ...)
TODO: check
CVE-2025-13284 (ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerabili ...)
@@ -3737,11 +3735,8 @@ CVE-2025-11690 (An Insecure Direct Object Reference (IDOR) vulnerability exists
NOT-FOR-US: CFMOTO RIDE
CVE-2025-10875 (Improper Neutralization of Input Used for LLM Prompting vulnerability ...)
NOT-FOR-US: Salesforce
-CVE-2025-XXXX [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
+CVE-2025-65073 [OSSA-2025-002: Unauthenticated access to EC2/S3 token endpoints can grant Keystone authorization]
- keystone 2:28.0.0-2 (bug #1120053)
- [trixie] - keystone 2:27.0.0-3+deb13u1
- [bookworm] - keystone 2:22.0.2-0+deb12u1
- [bullseye] - keystone 2:18.1.0-1+deb11u2
NOTE: https://www.openwall.com/lists/oss-security/2025/11/04/2
NOTE: https://bugs.launchpad.net/keystone/+bug/2119646
NOTE: src:swift (Bug #1120057) and src:heat (Bug #1120059) require updates along for
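Review bot: the entry renamed from CVE-2025-XXXX to CVE-2025-65073 stays at its old position after CVE-2025-10875, while the first hunk deletes the auto-generated CVE-2025-65073 stub that sat at the top of the file next to CVE-2025-9501 and CVE-2025-60022. If data/CVE/list is expected to keep entries grouped by ID, move the filled-in entry to where the stub was instead of renaming it in place. Otherwise, a sentence in the commit message saying the "TODO: check" stub was dropped as a duplicate would make the two hunks easier to follow.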
=====================================
data/DLA/list
=====================================
@@ -14,6 +14,7 @@
{CVE-2025-5914 CVE-2025-5916 CVE-2025-5917 CVE-2025-5918}
[bullseye] - libarchive 3.4.3-2+deb11u3
[07 Nov 2025] DLA-4367-1 keystone - security update
+ {CVE-2025-65073}
[bullseye] - keystone 2:18.1.0-1+deb11u2
[07 Nov 2025] DLA-4366-1 swift - security update
[bullseye] - swift 2.26.0-10+deb11u2
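Review bot: only DLA-4367-1 keystone gains the {CVE-2025-65073} line here, while DLA-4366-1 swift, dated the same 07 Nov 2025 and directly below it, still carries no CVE reference. The CVE entry in data/CVE/list has a NOTE that src:swift (Bug #1120057) requires an update alongside keystone, so if DLA-4366-1 is that companion upload, please confirm whether it should also reference CVE-2025-65073 or is left untagged on purpose.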
=====================================
data/DSA/list
=====================================
@@ -10,6 +10,7 @@
{CVE-2025-64507}
[bookworm] - lxd 5.0.2-5+deb12u2
[13 Nov 2025] DSA-6056-1 keystone - security update
+ {CVE-2025-65073}
[bookworm] - keystone 2:22.0.2-0+deb12u1
[trixie] - keystone 2:27.0.0-3+deb13u1
[13 Nov 2025] DSA-6055-1 chromium - security update
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/77a9709ed68d54d849a2a0c4f76d4a89a3d0d257