CVE-2021-3563

Published: Aug 26, 2022Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Affected (7)

Products: Openstack: Keystone · Debian: Debian Linux · Redhat: Openstack Platform

1 product

1 product

1 product

Openstack Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Keystone	All versions

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack Platform	Version 10.0
Redhat Openstack Platform	Version 13.0
Redhat Openstack Platform	Version 16.1
Redhat Openstack Platform	Version 16.2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (10)

https://access.redhat.com/security/cve/CVE-2021-3563

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugs.launchpad.net/ossa/+bug/1901891

Source: secalert@redhat.com

ExploitIssue TrackingThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1962908

Source: secalert@redhat.com

ExploitIssue TrackingThird Party AdvisoryVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

Source: secalert@redhat.com

https://security-tracker.debian.org/tracker/CVE-2021-3563

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://access.redhat.com/security/cve/CVE-2021-3563

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://bugs.launchpad.net/ossa/+bug/1901891

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=1962908

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party AdvisoryVendor Advisory

https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://security-tracker.debian.org/tracker/CVE-2021-3563

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.