CVE-2022-2447

Summary

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

Affected Software

VendorProductVersion RangeStatus
n/aopenstack-keystoneopenstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2affected

Weaknesses

  • CWE-324: CWE-324

ADP Enrichment

CVE Program Container

Additional References

References