CVE-2022-2447
Severity Score
6.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Se ha encontrado un fallo en Keystone. Hay un desfase (de hasta una hora en una configuración por defecto) entre el momento en que la política de seguridad dice que un token debe ser revocado y el momento en que realmente lo es. Esto podría permitir a un administrador remoto mantener secretamente el acceso durante más tiempo del esperado
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-07-16 CVE Reserved
- 2022-09-01 CVE Published
- 2024-03-24 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-324: Use of a Key Past its Expiration Date
- CWE-672: Operation on a Resource after Expiration or Release
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2105419 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2022-2447 | 2022-10-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 16.1 Search vendor "Redhat" for product "Openstack" and version "16.1" | - |
Safe
|
| Openstack Search vendor "Openstack" | Keystone Search vendor "Openstack" for product "Keystone" | - | - |
Affected
| in | Redhat Search vendor "Redhat" | Openstack Search vendor "Redhat" for product "Openstack" | 16.2 Search vendor "Redhat" for product "Openstack" and version "16.2" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openstack Platform Search vendor "Redhat" for product "Openstack Platform" | 16.1 Search vendor "Redhat" for product "Openstack Platform" and version "16.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openstack Platform Search vendor "Redhat" for product "Openstack Platform" | 16.2 Search vendor "Redhat" for product "Openstack Platform" and version "16.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Quay Search vendor "Redhat" for product "Quay" | 3.0.0 Search vendor "Redhat" for product "Quay" and version "3.0.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Storage Search vendor "Redhat" for product "Storage" | 3.0 Search vendor "Redhat" for product "Storage" and version "3.0" | - |
Affected
| ||||||