Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jYzk5LXdobTUtbW1xM84AAufw
OpenStack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone: only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is available.
Permalink: https://github.com/advisories/GHSA-cc99-whm5-mmq3
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jYzk5LXdobTUtbW1xM84AAufw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 10 months ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Identifiers: GHSA-cc99-whm5-mmq3, CVE-2021-3563
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-3563
- https://access.redhat.com/security/cve/CVE-2021-3563
- https://bugs.launchpad.net/ossa/+bug/1901891
- https://bugzilla.redhat.com/show_bug.cgi?id=1962908
- https://security-tracker.debian.org/tracker/CVE-2021-3563
- https://review.opendev.org/c/openstack/keystone/+/803641
- https://review.opendev.org/c/openstack/keystone/+/828595
- https://review.opendev.org/c/openstack/keystone/+/856489
- https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
- https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca
- https://github.com/advisories/GHSA-cc99-whm5-mmq3
Affected Packages
pypi:keystone
Dependent packages: 3
Dependent repositories: 37
Downloads: 17,946 last month
Affected Version Ranges: <= 21.0.0
No known fixed version
All affected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0