CVE-2022-2447
Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 01 Sept 2022, 20:30
Last modified: 03 Aug 2024, 00:39
Vulnerability Summary
Overall Risk (default)
medium
36/100 CVSS Score
6.6 MEDIUM
v3.1 (nvd)
EPSS Score
0.47% LOW
0% probability -0.16%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
01 Sept 2022, 20:30
Published
Vulnerability first disclosed
03 Aug 2024, 00:39
Last Modified
Vulnerability information updated
Description
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
CVSS Metrics
- v3.1•MEDIUM•Score: 6.6•CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Trends
Current EPSS score: 0.47% • Percentile: 65%
Techniques & Countermeasures
- CWE-672•Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
- CWE-324•Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
Affected Systems
- openstack•keystone
na
- redhat•openstack_platform
16.1 | 16.2
- redhat•quay
3.0.0
- redhat•storage
3.0