High severityNVD Advisory· Published Aug 6, 2021· Updated Aug 4, 2024
CVE-2021-38155
CVE-2021-38155
Description
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonePyPI | >= 10.0, < 16.0.2 | 16.0.2 |
keystonePyPI | >= 17.0, < 17.0.1 | 17.0.1 |
keystonePyPI | >= 18.0, < 18.0.1 | 18.0.1 |
keystonePyPI | >= 19.0, < 19.0.1 | 19.0.1 |
Affected products
82- OpenStack/Keystonedescription
- ghsa-coords81 versionspkg:pypi/keystonepkg:rpm/suse/ardana-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-heat-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-keystone-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-monasca-notification&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-notification&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-notification&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-lxml&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-lxml&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-XStatic-jquery-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-XStatic-jquery-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-sinatra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209
>= 10.0, < 16.0.2+ 80 more
- (no CPE)range: >= 10.0, < 16.0.2
- (no CPE)range: < 9.0+git.1644879908.8a641c1-3.13.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 8.20211112-1.38.1
- (no CPE)range: < 6.7.4-3.26.1
- (no CPE)range: < 6.7.4-3.26.1
- (no CPE)range: < 4.6.6-3.12.1
- (no CPE)range: < 4.6.6-3.12.1
- (no CPE)range: < 4.6.6-3.12.1
- (no CPE)range: < 7.0.1~dev24-3.14.1
- (no CPE)range: < 7.0.1~dev24-3.14.1
- (no CPE)range: < 13.0.10~dev24-3.34.2
- (no CPE)range: < 13.0.10~dev24-3.34.2
- (no CPE)range: < 14.0.1~dev4-3.9.1
- (no CPE)range: < 14.0.1~dev4-3.9.1
- (no CPE)range: < 14.0.1~dev3-3.9.1
- (no CPE)range: < 14.0.1~dev3-3.9.1
- (no CPE)range: < 11.1.5~dev18-3.28.2
- (no CPE)range: < 11.1.5~dev18-3.28.2
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 14.2.1~dev9-3.28.2
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 14.2.1~dev9-3.28.2
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 12.0.4~dev11-5.36.1
- (no CPE)range: < 1.10.2~dev4-3.9.1
- (no CPE)range: < 1.10.2~dev4-3.9.1
- (no CPE)range: < 1.10.2~dev4-3.9.1
- (no CPE)range: < 13.0.8~dev206-3.40.1
- (no CPE)range: < 13.0.8~dev206-3.40.1
- (no CPE)range: < 14.0.1~dev33-3.31.1
- (no CPE)range: < 14.0.1~dev33-3.31.1
- (no CPE)range: < 4.2.4-3.3.1
- (no CPE)range: < 4.2.4-3.3.1
- (no CPE)range: < 5.2.0-3.17.1
- (no CPE)range: < 5.2.0-3.17.1
- (no CPE)range: < 1.13.0.1-4.3.1
- (no CPE)range: < 1.13.0.1-4.3.1
- (no CPE)range: < 9.20220413-3.30.1
- (no CPE)range: < 9.20220413-3.30.1
- (no CPE)range: < 1.4.6-4.3.1
- (no CPE)range: < 7.0.1~dev24-3.35.2
- (no CPE)range: < 13.0.10~dev24-3.38.1
- (no CPE)range: < 7.0.2~dev2-3.35.1
- (no CPE)range: < 17.0.1~dev30-3.33.1
- (no CPE)range: < 11.0.4~dev4-3.35.1
- (no CPE)range: < 14.1.1~dev11-4.39.1
- (no CPE)range: < 11.1.5~dev18-4.33.1
- (no CPE)range: < 12.0.4~dev11-11.45.1
- (no CPE)range: < 12.0.4~dev11-11.45.1
- (no CPE)range: < 14.2.1~dev9-3.36.1
- (no CPE)range: < 7.2.1~dev1-4.35.1
- (no CPE)range: < 7.4.2~dev60-3.41.1
- (no CPE)range: < 1.8.2~dev3-3.35.1
- (no CPE)range: < 2.2.2~dev1-11.45.1
- (no CPE)range: < 2.2.2~dev1-11.45.1
- (no CPE)range: < 2.7.1~dev10-3.37.1
- (no CPE)range: < 13.0.8~dev206-6.39.1
- (no CPE)range: < 18.3.1~dev91-3.39.1
- (no CPE)range: < 3.2.3~dev7-4.35.1
- (no CPE)range: < 9.0.2~dev15-3.35.1
- (no CPE)range: < 2.19.2~dev48-2.30.1
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-4225-97pr-rr52ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-38155ghsaADVISORY
- www.openwall.com/lists/oss-security/2021/08/10/5ghsamailing-listWEB
- github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75dghsaWEB
- github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8ghsaWEB
- github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626ghsaWEB
- launchpad.net/bugs/1688137ghsaWEB
- lists.debian.org/debian-lts-announce/2024/01/msg00007.htmlghsamailing-listWEB
- security.openstack.org/ossa/OSSA-2021-003.htmlghsaWEB
News mentions
0No linked articles in our index yet.