Description
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-keystone | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-keystone | Not affected | | |
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | openstack-keystone | Not affected | | |
| Red Hat JBoss Fuse 6.2.1 | openstack-keystone | Not affected | | |
| Red Hat OpenShift Enterprise 2 | openstack-keystone | Not affected | | |
| Red Hat OpenStack Platform 8 (Liberty) | openstack-keystone | Not affected | | |
| Red Hat OpenStack Platform 9 (Mitaka) | openstack-keystone | Not affected | | |
Additional information
Status:
EPSS
4.3 Medium
CVSS2
Related vulnerabilities
OpenStack Identity Keystone Improper Access Control