CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2447

A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.3%

CVSS Severity

CVSS v3 Score 6.6

References

Products affected by CVE-2022-2447

Openstack » Keystone » Version: N/A

cpe:2.3:a:openstack:keystone:-
Redhat » Openstack » Version: 16.1

cpe:2.3:a:redhat:openstack:16.1
Redhat » Openstack » Version: 16.2

cpe:2.3:a:redhat:openstack:16.2
Redhat » Openstack Platform » Version: 16.1

cpe:2.3:a:redhat:openstack_platform:16.1
Redhat » Openstack Platform » Version: 16.2

cpe:2.3:a:redhat:openstack_platform:16.2
Redhat » Quay » Version: 3.0.0

cpe:2.3:a:redhat:quay:3.0.0
Redhat » Storage » Version: 3.0

cpe:2.3:a:redhat:storage:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-2447

Products

Pricing

Contact Us