MEDIUM🇵🇱 Wersja polska

CVE-2022-2447

CVSS 6.6v3.1pub. 2022-09-01upd. 2024-11-21

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Openstack Keystone

    APP
    Openstack
    wszystkie wersje
  • Red Hat Openstack

    APP
    Redhat
    16.116.2
  • Red Hat Openstack Platform

    APP
    Redhat
    16.116.2
  • Red Hat Quay

    APP
    Redhat
    3.0.0
  • Red Hat Storage

    APP
    Redhat
    3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2012-1823CRITICAL9.8⚠ KEVten sam produkt

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi)...

CVE-2023-3961CRITICAL9.1ten sam produkt

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix do...

CVE-2022-26148CRITICAL9.8ten sam produkt

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be foun...

CVE-2021-3762CRITICAL9.8ten sam produkt

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this b...

CVE-2020-27832CRITICAL9.0ten sam produkt

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS) vulnerability when disp...