CVE-2022-2447

CWE-324 CWE-672 CWE-13010 documents7 sources

Severity

6.6MEDIUM

EPSS

0.6%

top 29.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Openstack Platform Redhat Quay Redhat Storage

Timeline

PublishedSep 1

Latest updateDec 11

Description

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages5 packages

▶Debianpython-keystonemiddleware< 10.1.0-4+2

▶CVEListV5openstack-keystoneopenstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2

▶NVDredhat/quay3.0.0

▶NVDredhat/storage3.0

▶NVDredhat/openstack_platform16.1, 16.2+1

🔴Vulnerability Details

OSV

keystone vulnerabilities↗2025-12-11

▶

GHSA

GHSA-r88f-774m-5rj4: A flaw was found in OpenStack↗2022-09-02

▶

OSV

CVE-2022-2447: A flaw was found in Keystone↗2022-09-01

▶

CVEList

CVE-2022-2447: A flaw was found in Keystone↗2022-09-01

▶

📋Vendor Advisories

Ubuntu

OpenStack Keystone vulnerabilities↗2025-12-11

▶

Red Hat

kernel: netlink: Bounds-check struct nlmsgerr creation↗2025-05-01

▶

Red Hat

Openstack: Application credential token remains valid longer than expected↗2022-07-08

▶

Debian

CVE-2022-2447: python-keystonemiddleware - A flaw was found in Keystone. There is a time lag (up to one hour in a default c...↗2022

▶