CVE-2021-3563
Published: 26 August 2022
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
Notes
| Author | Note |
|---|---|
| mdeslaur | no indication of possible fix from upstream as of 2023-01-03 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
keystone Launchpad, Ubuntu, Debian |
bionic |
Deferred
(2023-01-03)
|
| focal |
Deferred
(2023-01-03)
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| jammy |
Deferred
(2023-01-03)
|
|
| kinetic |
Ignored
(end of life, was deferred [2023-01-03])
|
|
| lunar |
Ignored
(end of life, was deferred [2023-01-03])
|
|
| mantic |
Deferred
(2023-01-03)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
(2023-01-03)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.4 |
| Attack vector | Network |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |