Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

Related bugs and status

CVE-2022-2447 (Candidate) is related to these bugs:

Bug #1992183: Openstack: Application credential token remains valid longer than expected (CVE-2022-2447)

Summary				In	Importance	Status
	1992183	Openstack: Application credential token remains valid longer than expected (CVE-2022-2447)		OpenStack Identity (keystone)	High	Fix Released
	1992183	Openstack: Application credential token remains valid longer than expected (CVE-2022-2447)		OpenStack Security Advisory	Undecided	Incomplete

See the

CVE page on Mitre.org for more details.

References

MISC: https://access.redhat....
MISC: https://bugzilla.redha...