CVE-2021-3563

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3563
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3563.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3563
Aliases
Downstream
Published
2022-08-26T16:15:08.867Z
Modified
2026-04-02T07:01:20.197971Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

References

Affected packages

Git / github.com/openstack/keystone

Affected ranges

Type
GIT
Repo
https://github.com/openstack/keystone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
339e7cc798aed24b7697980eb7cf8e20498d436d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
78adc33858509cac2f597f7e38a8f5f189ad2495
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
339e7cc798aed24b7697980eb7cf8e20498d436d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
847676854572e0c36535048b731f966590adb746
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0"
        }
    ]
}

Affected versions

10.*
10.0.0
10.0.0.0b1
10.0.0.0b2
10.0.0.0b3
10.0.0.0rc1
10.0.0.0rc2
10.0.0.0rc3
11.*
11.0.0
11.0.0.0b1
11.0.0.0b2
11.0.0.0b3
11.0.0.0rc1
2011.*
2011.3
2011.3.1
2012.*
2012.1
2012.1.1
2012.1.2
2012.1.3
2012.2
2012.2.1
2012.2.3
2012.2.4
2013.*
2013.1
2013.1.1
2013.1.2
2013.1.3
2013.1.4
2013.1.5
2013.1.g3
2013.1.rc1
2013.1.rc2
2013.1.rc3
2013.2
2013.2.1
2013.2.2
2013.2.3
2013.2.4
2013.2.b1
2013.2.b2
2013.2.b3
2013.2.rc1
2013.2.rc2
2013.2.rc3
2013.2.rc4
2014.*
2014.1
2014.1.1
2014.1.2
2014.1.2.1
2014.1.3
2014.1.4
2014.1.5
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.1.rc2
2014.2
2014.2.1
2014.2.2
2014.2.3
2014.2.4
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2014.2.rc2
2015.*
2015.1.0
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
2015.1.0rc2
2015.1.1
2015.1.2
2015.1.3
2015.1.4
8.*
8.0.0
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
8.0.0.0rc2
8.0.0a0
8.0.1
8.1.0
8.1.2
9.*
9.0.0
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
9.0.0.0rc2
9.0.0.0rc3
9.0.1
9.0.2
9.1.0
9.2.0
9.3.0
Other
diablo-eol
essex-1
essex-2
essex-3
essex-4
essex-eol
essex-rc1
essex-rc2
folsom-1
folsom-2
folsom-3
folsom-eol
folsom-rc1
folsom-rc2
grizzly-1
grizzly-2
grizzly-eol
havana-eol
icehouse-eol
juno-eol
kilo-eol
liberty-eol
mitaka-eol

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3563.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.2"
            }
        ]
    }
]