CVE-2022-2447

MEDIUM

Keystone - Info Disclosure

Title source: llm

Description

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

References (2)

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2105419

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2022-2447

Scores

CVSS v3 6.6

EPSS 0.0063

EPSS Percentile 70.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-672 CWE-324

Status published

Products (5)

openstack/keystone

redhat/openstack_platform 16.1

redhat/openstack_platform 16.2

redhat/quay 3.0.0

redhat/storage 3.0

Published Sep 01, 2022

Tracked Since Feb 18, 2026