Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3563

Опубликовано: 26 авг. 2022
Источник: debian
EPSS Низкий

Описание

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
keystonefixed2:23.0.0-3package
keystoneno-dsabookwormpackage
keystoneno-dsabullseyepackage
keystoneend-of-lifestretchpackage

Примечания

  • https://bugzilla.redhat.com/show_bug.cgi?id=1962908

  • https://bugs.launchpad.net/keystone/+bug/1901891

  • https://opendev.org/openstack/keystone/commit/6730c761d18aa547998f2add833c13f45f257fe7

  • Fixed in 22.0.1

EPSS

Процентиль: 16%
0.00053
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-3563

CVSS3: 7.4
ubuntu
больше 3 лет назад

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

redhat логотип

CVE-2021-3563

CVSS3: 7.4
redhat
почти 5 лет назад

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

nvd логотип

CVE-2021-3563

CVSS3: 7.4
nvd
больше 3 лет назад

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

github логотип

GHSA-cc99-whm5-mmq3

CVSS3: 9.1
github
больше 3 лет назад

Openstack Keystone Incorrect Authorization vulnerability

EPSS

Процентиль: 16%
0.00053
Низкий