CVE-2022-2447 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.6 MEDIUM	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Affected Products (NVD)

Vendor	Product	Version
openstack	keystone	-
redhat	openstack_platform	16.1
redhat	openstack_platform	16.2
redhat	quay	3.0.0
redhat	storage	3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-keystonemiddleware

bookworm	10.1.0-4 fixed
bullseye	no-dsa
buster	no-dsa
sid	10.7.1-2 fixed
trixie	10.7.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

keystone

bionic	needed
focal	needed
jammy	needed
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needed
trusty	ignored
xenial	needed

Known Exploits!

Common Weakness Enumeration

CWE-324 - Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
CWE-672 - Operation on a Resource after Expiration or Release
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

References

https://access.redhat.com/security/cve/CVE-2022-2447

https://bugzilla.redhat.com/show_bug.cgi?id=2105419

https://access.redhat.com/security/cve/CVE-2022-2447

https://bugzilla.redhat.com/show_bug.cgi?id=2105419