A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Keystone | Openstack | - (including) | - (including) |