CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

Published: Sep 1, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-2447
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.6
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-672

Affected Software
References

Software	From	Fixed in
redhat / storage	3.0	3.0.x
redhat / quay	3.0.0	3.0.0.x
redhat / openstack_platform	16.1	16.1.x
redhat / openstack_platform	16.2	16.2.x

https://access.redhat.com/security/cve/CVE-2022-2447
https://bugzilla.redhat.com/show_bug.cgi?id=2105419

Vulnerability Database

289,598

CVE-2022-2447