Описание
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
Ссылки
- Vendor Advisory
- ExploitIssue TrackingVendor Advisory
- Vendor Advisory
- ExploitIssue TrackingVendor Advisory
Уязвимые конфигурации
Одновременно
Одно из
Одно из
EPSS
6.6 Medium
CVSS3
Дефекты
Связанные уязвимости
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
A flaw was found in Keystone. There is a time lag (up to one hour in a ...
A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.
EPSS
6.6 Medium
CVSS3