CVE-2022-2447

MEDIUM

Keystone - Info Disclosure

Title source: llm

Description

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

References (2)

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2022-2447

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2105419

Scores

CVSS v3 6.6

EPSS 0.0063

EPSS Percentile 69.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-672 CWE-324

Status published

Affected Products (5)

openstack/keystone

redhat/openstack_platform

redhat/quay

redhat/storage

Timeline

Published Sep 01, 2022

Tracked Since Feb 18, 2026