Authentication Bypass Vulnerability in Keystone by Red Hat
CVE-2022-2447
6.6MEDIUM
Summary
A vulnerability exists in Keystone where a delay, up to one hour in default configurations, occurs between the security policy actions that dictate token revocation and the actual revocation process. This flaw may enable malicious remote administrators to covertly retain access privileges longer than anticipated, potentially leading to unauthorized actions within the system.
Affected Version(s)
openstack-keystone openstack-keystone as shipped in Red Hat OpenStack 16.1 and 16.2
References
CVSS V3.1
Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved