CVE-2022-2447

Name of the Vulnerable Software and Affected Versions Keystone (affected versions not specified)

Description A flaw was found in Keystone, where there is a time lag of up to one hour in the default configuration between when the security policy says a token should be revoked and when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. The issue is related to the revocation of token access, potentially allowing an authenticated remote attacker to obtain access despite efforts to remove it.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.