CVE-2022-2447
published 2022-09-01
medium 6.6 CVSS 3.1
AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-keystonemiddleware | < python-keystonemiddleware 10.1.0-4 (bookworm) | python-keystonemiddleware 10.1.0-4 (bookworm) |
| openstack | keystone | >= 0 < 2:21.0.1-0ubuntu2.1 | 2:21.0.1-0ubuntu2.1 |
| redhat | openstack_platform | — | — |
| redhat | openstack_platform | — | — |
| redhat | quay | — | — |
| redhat | storage | — | — |
CVSS provenance
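| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.6 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 7.4 | HIGH | — |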