CVE-2016-4911
Severity: medium
CVSS v3: 4.3
CVSS v2: 4.0
VIR risk: 4.3
Description
The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Predictions
Exploit likelihood: 53%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2016-4911
Vendor advisory: cve@mitre.org — https://security.openstack.org/ossa/OSSA-2016-008.html
Vendor advisory: cve@mitre.org — https://review.openstack.org/#/c/311886/
Vendor advisory: cve@mitre.org — https://bugs.launchpad.net/keystone/+bug/1577558
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2:9.0.0-2 |
| debian | bullseye | fixed | 2:9.0.0-2 |
| debian | forky | fixed | 2:9.0.0-2 |
| debian | sid | fixed | 2:9.0.0-2 |
| debian | trixie | fixed | 2:9.0.0-2 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | keystone | >=9.0.0,<9.0.1 | 9.0.1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| keystone | openstack_identity | 9.0.0.0 | |
References
- http://www.openwall.com/lists/oss-security/2016/05/17/10
- http://www.openwall.com/lists/oss-security/2016/05/17/11
- http://www.securityfocus.com/bid/90728
- https://bugs.launchpad.net/keystone/+bug/1577558
- https://review.openstack.org/#/c/311886/
- https://security.openstack.org/ossa/OSSA-2016-008.html
- https://nvd.nist.gov/vuln/detail/CVE-2016-4911
- https://github.com/openstack/keystone/commit/0d376025bae61bf5ee19d992c7f336b99ac69240
- https://github.com/openstack/keystone/commit/ee1dc941042d1f71699971c5c30566af1b348572
- https://github.com/openstack/keystone
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2016-38.yaml
- https://review.openstack.org/#/c/311886
- https://security-tracker.debian.org/tracker/CVE-2016-4911
CWEs
CWE-284