Launchpad CVE tracker

CVE 2016-4911

The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

Related bugs and status

CVE-2016-4911 (Candidate) is related to these bugs:

Bug #1577558: [OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)

		In	Importance	Status
1577558	[OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)	OpenStack Identity (keystone)	High	Fix Released
1577558	[OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)	OpenStack Security Advisory	Undecided	Fix Released
1577558	[OSSA 2016-008] v2.0 fernet tokens audit ids are inconsistent (CVE-2016-4911)	OpenStack Identity (keystone) mitaka	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016051...
MLIST: [oss-security] 2016051...
CONFIRM: https://bugs.launchpad...
CONFIRM: https://review.opensta...
CONFIRM: https://security.opens...
BID: 90728

Launchpad.net

CVE 2016-4911

Related bugs and status

Related bugs

References