Vulnerability Details CVE-2021-3563
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 66.0%
CVSS Severity
CVSS v3 Score 7.4
References
- https://access.redhat.com/security/cve/CVE-2021-3563
- https://bugs.launchpad.net/ossa/+bug/1901891
- https://bugzilla.redhat.com/show_bug.cgi?id=1962908
- https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
- https://security-tracker.debian.org/tracker/CVE-2021-3563
- https://access.redhat.com/security/cve/CVE-2021-3563
- https://bugs.launchpad.net/ossa/+bug/1901891
- https://bugzilla.redhat.com/show_bug.cgi?id=1962908
- https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
- https://security-tracker.debian.org/tracker/CVE-2021-3563
Products affected by CVE-2021-3563
-
cpe:2.3:a:openstack:keystone:-
-
cpe:2.3:a:openstack:keystone:10.0.0
-
cpe:2.3:a:openstack:keystone:10.0.1
-
cpe:2.3:a:openstack:keystone:10.0.2
-
cpe:2.3:a:openstack:keystone:10.0.3
-
cpe:2.3:a:openstack:keystone:11.0.0
-
cpe:2.3:a:openstack:keystone:11.0.1
-
cpe:2.3:a:openstack:keystone:11.0.2
-
cpe:2.3:a:openstack:keystone:11.0.3
-
cpe:2.3:a:openstack:keystone:11.0.4
-
cpe:2.3:a:openstack:keystone:12.0.0
-
cpe:2.3:a:openstack:keystone:12.0.1
-
cpe:2.3:a:openstack:keystone:12.0.2
-
cpe:2.3:a:openstack:keystone:12.0.3
-
cpe:2.3:a:openstack:keystone:13.0.0
-
cpe:2.3:a:openstack:keystone:13.0.1
-
cpe:2.3:a:openstack:keystone:13.0.2
-
cpe:2.3:a:openstack:keystone:14.0.0
-
cpe:2.3:a:openstack:keystone:14.0.1
-
cpe:2.3:a:openstack:keystone:14.1.0
-
cpe:2.3:a:openstack:keystone:15.0.0
-
cpe:2.3:a:openstack:keystone:15.0.1
-
cpe:2.3:a:openstack:keystone:16.0.0
-
cpe:2.3:a:openstack:keystone:16.0.0.0
-
cpe:2.3:a:openstack:keystone:16.0.1
-
cpe:2.3:a:openstack:keystone:16.0.2
-
cpe:2.3:a:openstack:keystone:17.0.0
-
cpe:2.3:a:openstack:keystone:17.0.0.0
-
cpe:2.3:a:openstack:keystone:17.0.1
-
cpe:2.3:a:openstack:keystone:18.0.0
-
cpe:2.3:a:openstack:keystone:18.0.0.0
-
cpe:2.3:a:openstack:keystone:18.0.1
-
cpe:2.3:a:openstack:keystone:19.0.0
-
cpe:2.3:a:openstack:keystone:19.0.0.0
-
cpe:2.3:a:openstack:keystone:19.0.1
-
cpe:2.3:a:openstack:keystone:20.0.0
-
cpe:2.3:a:openstack:keystone:20.0.1
-
cpe:2.3:a:openstack:keystone:20.0.1-7
-
cpe:2.3:a:openstack:keystone:2012.1
-
cpe:2.3:a:openstack:keystone:2012.1.1
-
cpe:2.3:a:openstack:keystone:2012.1.2
-
cpe:2.3:a:openstack:keystone:2012.1.3
-
cpe:2.3:a:openstack:keystone:2012.2
-
cpe:2.3:a:openstack:keystone:2012.2.1
-
cpe:2.3:a:openstack:keystone:2012.2.2
-
cpe:2.3:a:openstack:keystone:2012.2.3
-
cpe:2.3:a:openstack:keystone:2012.2.4
-
cpe:2.3:a:openstack:keystone:2013
-
cpe:2.3:a:openstack:keystone:2013.1
-
cpe:2.3:a:openstack:keystone:2013.1.1
-
cpe:2.3:a:openstack:keystone:2013.1.2
-
cpe:2.3:a:openstack:keystone:2013.1.3
-
cpe:2.3:a:openstack:keystone:2013.1.4
-
cpe:2.3:a:openstack:keystone:2013.2
-
cpe:2.3:a:openstack:keystone:2013.2.1
-
cpe:2.3:a:openstack:keystone:2013.2.2
-
cpe:2.3:a:openstack:keystone:2013.2.3
-
cpe:2.3:a:openstack:keystone:2013.2.4
-
cpe:2.3:a:openstack:keystone:2014.1
-
cpe:2.3:a:openstack:keystone:2014.1.1
-
cpe:2.3:a:openstack:keystone:2014.1.2
-
cpe:2.3:a:openstack:keystone:2014.1.2.1
-
cpe:2.3:a:openstack:keystone:2014.1.3
-
cpe:2.3:a:openstack:keystone:2014.1.4
-
cpe:2.3:a:openstack:keystone:2014.1.5
-
cpe:2.3:a:openstack:keystone:2014.2
-
cpe:2.3:a:openstack:keystone:2014.2.0
-
cpe:2.3:a:openstack:keystone:2014.2.1
-
cpe:2.3:a:openstack:keystone:2014.2.2
-
cpe:2.3:a:openstack:keystone:2014.2.3
-
cpe:2.3:a:openstack:keystone:2014.2.4
-
cpe:2.3:a:openstack:keystone:2015.1.0
-
cpe:2.3:a:openstack:keystone:2015.1.1
-
cpe:2.3:a:openstack:keystone:2015.1.2
-
cpe:2.3:a:openstack:keystone:2015.1.3
-
cpe:2.3:a:openstack:keystone:2015.1.4
-
cpe:2.3:a:openstack:keystone:21.0.0
-
cpe:2.3:a:openstack:keystone:21.0.1
-
cpe:2.3:a:openstack:keystone:21.0.1-6
-
cpe:2.3:a:openstack:keystone:22.0.0
-
cpe:2.3:a:openstack:keystone:22.0.1
-
cpe:2.3:a:openstack:keystone:22.0.2
-
cpe:2.3:a:openstack:keystone:23.0.0
-
cpe:2.3:a:openstack:keystone:23.0.1
-
cpe:2.3:a:openstack:keystone:23.0.2
-
cpe:2.3:a:openstack:keystone:24.0.0
-
cpe:2.3:a:openstack:keystone:24.1.0
-
cpe:2.3:a:openstack:keystone:25.0.0
-
cpe:2.3:a:openstack:keystone:26.0.0
-
cpe:2.3:a:openstack:keystone:26.1.0
-
cpe:2.3:a:openstack:keystone:26.1.1
-
cpe:2.3:a:openstack:keystone:27.0.0
-
cpe:2.3:a:openstack:keystone:27.0.1
-
cpe:2.3:a:openstack:keystone:27.0.2
-
cpe:2.3:a:openstack:keystone:28.0.0
-
cpe:2.3:a:openstack:keystone:28.0.1
-
cpe:2.3:a:openstack:keystone:28.0.2
-
cpe:2.3:a:openstack:keystone:29.0.0
-
cpe:2.3:a:openstack:keystone:29.0.1-12
-
cpe:2.3:a:openstack:keystone:29.0.2
-
cpe:2.3:a:openstack:keystone:8.0.0
-
cpe:2.3:a:openstack:keystone:8.0.1
-
cpe:2.3:a:openstack:keystone:8.0.2
-
cpe:2.3:a:openstack:keystone:8.1.0
-
cpe:2.3:a:openstack:keystone:8.1.2
-
cpe:2.3:a:openstack:keystone:9.0.0
-
cpe:2.3:a:openstack:keystone:9.0.1
-
cpe:2.3:a:openstack:keystone:9.0.2
-
cpe:2.3:a:openstack:keystone:9.1.0
-
cpe:2.3:a:openstack:keystone:9.2.0
-
cpe:2.3:a:openstack:keystone:9.3.0
-
cpe:2.3:a:openstack:keystone:juno-1
-
cpe:2.3:a:openstack:keystone:juno-2
-
cpe:2.3:a:openstack:keystone:juno-3
-
cpe:2.3:a:redhat:openstack_platform:10.0
-
cpe:2.3:a:redhat:openstack_platform:13.0
-
cpe:2.3:a:redhat:openstack_platform:16.1
-
cpe:2.3:a:redhat:openstack_platform:16.2
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0