Vulnerability in Openstack-keystone

CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly…

EPSS: 0.005 (64.8th percentile) — read the EPSS interpretation.

Affected products

N/a Openstack-keystone — versions openstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2

Weakness classification (CWE)

CWE-324 — Use of a Key Past its Expiration Date

References

bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
access.redhat.com/security/cve/CVE-2022-2447 (x_refsource_MISC)