GHSA-cc99-whm5-mmq3

Suggest an improvement
Source
https://github.com/advisories/GHSA-cc99-whm5-mmq3
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-cc99-whm5-mmq3/GHSA-cc99-whm5-mmq3.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cc99-whm5-mmq3
Aliases
Published
2022-08-27T00:00:44Z
Modified
2024-02-16T08:10:44.167521Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Openstack Keystone Incorrect Authorization vulnerability
Details

A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is available.

Database specific
{
    "nvd_published_at": "2022-08-26T16:15:00Z",
    "cwe_ids": [
        "CWE-863"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-16T21:08:51Z"
}
References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
21.0.0

Affected versions

12.*

12.0.2
12.0.3

13.*

13.0.2
13.0.3
13.0.4

14.*

14.0.0
14.0.1
14.1.0
14.2.0

15.*

15.0.0.0rc1
15.0.0.0rc2
15.0.0
15.0.1

16.*

16.0.0.0rc1
16.0.0.0rc2
16.0.0
16.0.1
16.0.2

17.*

17.0.0.0rc1
17.0.0.0rc2
17.0.0
17.0.1

18.*

18.0.0.0rc1
18.0.0
18.1.0

19.*

19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.0.1

20.*

20.0.0.0rc1
20.0.0
20.0.1

21.*

21.0.0.0rc1
21.0.0