Description
OpenStack Identity Keystone Improper Access Control
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-4911
- https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
- https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
- https://bugs.launchpad.net/keystone/+bug/1577558
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
- https://review.openstack.org/#/c/311886
- https://security.openstack.org/ossa/OSSA-2016-008.html
- http://www.openwall.com/lists/oss-security/2016/05/17/10
- http://www.openwall.com/lists/oss-security/2016/05/17/11
Packages
- keystone: affected versions >= 9.0.0, < 9.0.1; fixed in 9.0.1
Related vulnerabilities
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.