CVE-2016-4911

4.3 MEDIUM

Published: June 13, 2016 Modified: May 06, 2026

Description

The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.openwall.com/lists/oss-security/2016/05/17/10

Source: cve@mitre.org

Mailing List

http://www.openwall.com/lists/oss-security/2016/05/17/11

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/90728

Source: cve@mitre.org

Third Party Advisory VDB Entry

https://bugs.launchpad.net/keystone/+bug/1577558

Source: cve@mitre.org

Vendor Advisory

https://review.openstack.org/#/c/311886/

Source: cve@mitre.org

Vendor Advisory

https://security.openstack.org/ossa/OSSA-2016-008.html

Source: cve@mitre.org

Patch Vendor Advisory

http://www.openwall.com/lists/oss-security/2016/05/17/10