Critical severityNVD Advisory· Published Aug 26, 2022· Updated Feb 13, 2025
CVE-2021-3563
CVE-2021-3563
Description
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonePyPI | <= 21.0.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
12- github.com/advisories/GHSA-cc99-whm5-mmq3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-3563ghsaADVISORY
- access.redhat.com/security/cve/CVE-2021-3563ghsax_refsource_MISCWEB
- bugs.launchpad.net/ossa/+bug/1901891ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2024/01/msg00007.htmlghsaWEB
- opendev.org/openstack/keystoneghsaPACKAGE
- opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dcaghsaWEB
- review.opendev.org/c/openstack/keystone/+/803641ghsaWEB
- review.opendev.org/c/openstack/keystone/+/828595ghsaWEB
- review.opendev.org/c/openstack/keystone/+/856489ghsaWEB
- security-tracker.debian.org/tracker/CVE-2021-3563ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.