{"alias":[],"description":"The newEntry function in ptserver\/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.","epss":{"percentile":"0.48502","score":"0.002520"},"id":"CVE-2016-2860","metrics":{"cvss2":{"ac_insuf_info":0,"access_complexity":"LOW","access_vector":"NETWORK","authentication":"SINGLE","availability_impact":"NONE","base_score":4.0,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":8.0,"impact_score":2.9,"integrity_impact":"PARTIAL","obtain_all_privilege":0,"obtain_other_privilege":0,"obtain_user_privilege":0,"user_interaction_required":0,"vector_string":"AV:N\/AC:L\/Au:S\/C:N\/I:P\/A:N","version":"2.0"},"cvss3":{"attack_complexity":"LOW","attack_vector":"NETWORK","availability_impact":"NONE","base_score":6.5,"base_severity":"MEDIUM","confidentiality_impact":"NONE","exploitability_score":2.8,"impact_score":3.6,"integrity_impact":"HIGH","privileges_required":"LOW","scope":"UNCHANGED","user_interaction":"NONE","vector_string":"CVSS:3.0\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:N\/I:H\/A:N","version":"3.0"}},"modified":"2026-05-06T22:30:45","nvd_status":"Modified","published":"2016-05-13T16:59:08","score":6.5,"severity":"MEDIUM","source":"cve@mitre.org","status":"PUBLISHED","weaknesses":[{"id":"CWE-284","name":"Improper Access Control","type":"weakness"}]}