The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2016-06-13T14:00:00
Updated: 2024-08-06T00:46:40.087Z
Reserved: 2016-05-17T00:00:00
Link: CVE-2016-4911
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2016-06-13T14:59:07.323
Modified: 2022-07-23T10:22:17.877
Link: CVE-2016-4911
Redhat