Back to bug 2105419
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sage McTaggart | 2022-07-08 18:36:18 UTC | CC | aileenc, alphacc, aos-install, apevec, apevec, asoldano, athomas, augol, balejosg, bbaranow, bdettelb, bmaxwell, bmontgom, bnemec, brian.stansberry, cdewolf, chazlett, cinder-bugs, cluster-maint, cyril, darran.lofthouse, dkreling, dosoudil, eharney, eparis, fjuma, gmalinko, gwync, hguemar, iweiss, janstey, jburrell, jochrist, jpavlik, jschatte, jschluet, jslagle, jvisser, jwon, karlthered, krathod, lbragsta, lgao, mfojtik, mosmerov, mrunge, msochure, msvehla, nkinder, nobody, nstielau, nwallace, oalbrigt, openstack-manila-bugs, openstack-sig, pabelanger, pantinor, peholase, pjindal, pmackay, rareddy, rdopiera, rhos-maint, rstancel, rsvoboda, slaznick, slinaber, smaestri, sponnaga, srevivo, surbania, tom.jenkinson, tvignaud, vimartin, zaitcev | |
| Sage McTaggart | 2022-07-08 18:37:08 UTC | Blocks | 2105420 | |
| Luigi Toscano | 2022-07-08 19:29:17 UTC | Flags | needinfo?(amctagga) | |
| | | CC | ltoscano | |
| Luigi Toscano | 2022-07-12 12:47:39 UTC | CC | alee | |
| Sage McTaggart | 2022-07-12 19:52:44 UTC | CC | pprinett | |
| | | Flags | needinfo?(amctagga) | needinfo?(pprinett) |
| Pierre Prinetti | 2022-07-13 08:42:43 UTC | CC | maandre | |
| Pierre Prinetti | 2022-07-13 08:54:17 UTC | Flags | needinfo?(pprinett) | |
| Miguel Garcia | 2022-07-14 12:37:54 UTC | Group | security | |
| Red Hat Bugzilla | 2022-07-14 12:37:54 UTC | CC | security-response-team | |
| Sage McTaggart | 2022-07-14 13:40:45 UTC | Group | qe_staff | |
| | | Deadline | 2022-07-08 | |
| | | Severity | high | medium |
| | | Summary | Openstack: Application credential token is valid beyond credentials expiration | EMBARGOED Openstack: Application credential token is valid beyond credentials expiration |
| | | Priority | high | medium |
| Sage McTaggart | 2022-07-14 18:35:03 UTC | Deadline | 2022-07-08 | |
| | | Group | qe_staff, security | |
| | | Summary | EMBARGOED Openstack: Application credential token is valid beyond credentials expiration | Openstack: Application credential token is valid beyond credentials expiration |
| Nick Tait | 2022-07-16 19:40:43 UTC | Summary | Openstack: Application credential token is valid beyond credentials expiration | CVE-2022-2447 Openstack: Application credential token is valid beyond credentials expiration |
| | | Alias | CVE-2022-2447 | |
| Red Hat Bugzilla | 2022-07-25 08:30:05 UTC | CC | aos-install | |
| Nick Tait | 2022-08-11 23:52:00 UTC | CC | alphacc, athomas, augol, cinder-bugs, eharney, gwync, karlthered, nobody, oblaut, openstack-sig, pabelanger, srevivo, vimartin, zaitcev | |
| Nick Tait | 2022-08-12 16:26:33 UTC | CC | mgarciac, oblaut | |
| Nick Tait | 2022-08-12 16:27:29 UTC | Depends On | 2117920 | |
| Nick Tait | 2022-08-12 17:10:34 UTC | Depends On | 2117923, 2117924 | |
| Nick Tait | 2022-08-20 16:10:19 UTC | Doc Text | Application credential token can be used even after they have expired. An authenticated remote attacker could maintain access despite defender's efforts to remove access. | |
| Avinash Hanwate | 2022-08-22 03:18:48 UTC | Depends On | 2120165 | |
| Avinash Hanwate | 2022-08-22 03:20:33 UTC | Depends On | 2120167 | |
| RaTasha Tillery-Smith | 2022-08-22 11:32:52 UTC | Doc Text | Application credential token can be used even after they have expired. An authenticated remote attacker could maintain access despite defender's efforts to remove access. | A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access. |
| Nick Tait | 2022-09-09 20:34:28 UTC | Summary | CVE-2022-2447 Openstack: Application credential token is valid beyond credentials expiration | CVE-2022-2447 Openstack: Application credential token remains valid longer than expected |
| Nick Tait | 2022-09-09 21:10:09 UTC | Doc Text | A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access. | A flaw was found in Keystone. The application credential tokens could be used for up to an hour (in a default configuration) after they are supposed to expire. This could allow an authenticated service to operate longer than expected. |
| Nick Tait | 2022-09-13 21:43:20 UTC | Doc Text | A flaw was found in Keystone. The application credential tokens could be used for up to an hour (in a default configuration) after they are supposed to expire. This could allow an authenticated service to operate longer than expected. | A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. |
| Grzegorz Grasza | 2022-10-07 15:36:25 UTC | Link ID | Launchpad.net ossa/+bug/1992183 | |
| | | CC | ggrasza | |
| Red Hat Bugzilla | 2022-10-28 13:12:57 UTC | CC | krathod | |
| Anten Skrabec | 2022-12-15 21:36:51 UTC | Depends On | 2154111 | |
| Red Hat Bugzilla | 2023-05-24 06:54:30 UTC | CC | jvisser | |
| Red Hat Bugzilla | 2023-07-07 08:33:39 UTC | CC | security-response-team | |
| | | Assignee | security-response-team | nobody |
| Red Hat Bugzilla | 2023-07-21 22:26:21 UTC | CC | jpavlik | |