CVE-2022-2447 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.6 MEDIUM	NETWORK	HIGH	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Vendor	Product	Version
openstack	keystone	-
redhat	openstack_platform	16.1
redhat	openstack_platform	16.2
redhat	quay	3.0.0
redhat	storage	3.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

python-keystonemiddleware

bullseye	no-dsa
buster	no-dsa
bookworm	10.1.0-4 fixed
sid	10.7.1-2 fixed
trixie	10.7.1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

keystone

noble	needed
mantic	ignored
lunar	ignored
kinetic	ignored
jammy	needed
focal	needed
bionic	needed
xenial	needed
trusty	ignored

Known Exploits!

Common Weakness Enumeration

CWE-324 - Use of a Key Past its Expiration Date
The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
CWE-672 - Operation on a Resource after Expiration or Release
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

References

https://access.redhat.com/security/cve/CVE-2022-2447

https://bugzilla.redhat.com/show_bug.cgi?id=2105419

https://access.redhat.com/security/cve/CVE-2022-2447

https://bugzilla.redhat.com/show_bug.cgi?id=2105419