Описание
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2:12.0.0~rc2-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| esm-infra/xenial | not-affected | 2:9.3.0-0ubuntu3 |
| precise | not-affected | code not present |
| precise/esm | DNE | precise was not-affected [code not present] |
| trusty | not-affected | code not present |
| trusty/esm | DNE | trusty was not-affected [code not present] |
| upstream | released | 2:9.0.0-2,2:9.0.1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
Ссылки на источники
4 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x befor ...
OpenStack Identity Keystone Improper Access Control
4 Medium
CVSS2
4.3 Medium
CVSS3