Vulnerability Description
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Keystone | All versions |
| Debian | Debian Linux | 10.0 |
| Redhat | Openstack Platform | 10.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2021-3563 (Issue Tracking, Third Party Advisory)
- https://bugs.launchpad.net/ossa/+bug/1901891 (Exploit, Issue Tracking, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1962908 (Exploit, Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html
- https://security-tracker.debian.org/tracker/CVE-2021-3563 (Exploit, Issue Tracking, Third Party Advisory)
FAQ
What is CVE-2021-3563?
CVE-2021-3563 is a vulnerability with a CVSS score of 7.4 (HIGH). A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. T...
How severe is CVE-2021-3563?
CVE-2021-3563 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3563?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Keystone, Debian Debian Linux, Redhat Openstack Platform.