Candidate: CVE-2016-4911
PublicDate: 2016-06-13 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4911
Description:
 The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.
Ubuntu-Description:
Notes:
 mdeslaur> 9.0.0 only
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=824683
 https://launchpad.net/bugs/1577558
Priority: medium
Discovered-by: Lance Bragstad
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [4.3 MEDIUM]

Patches_keystone:
upstream_keystone: released (2:9.0.0-2,2:9.0.1)
precise_keystone: not-affected (code not present)
precise/esm_keystone: DNE (precise was not-affected [code not present])
trusty_keystone: not-affected (code not present)
trusty/esm_keystone: DNE (trusty was not-affected [code not present])
vivid/stable-phone-overlay_keystone: DNE
vivid/ubuntu-core_keystone: DNE
wily_keystone: not-affected (code not present)
xenial_keystone: not-affected (2:9.3.0-0ubuntu3)
esm-infra/xenial_keystone: not-affected (2:9.3.0-0ubuntu3)
yakkety_keystone: ignored (reached end-of-life)
zesty_keystone: not-affected (2:11.0.2-0ubuntu1)
devel_keystone: not-affected (2:12.0.0~rc2-0ubuntu1)