Home > Vulnerability Database > CVE-2021-3563

Mend.io Vulnerability Database

CVE-2021-3563

Date: August 26, 2022

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.

Language: Python

Severity Score

7.4

Related Resources (12)

Url: https://access.redhat.com/security/cve/CVE-2021-3563

Url: https://bugs.launchpad.net/ossa/+bug/1901891

Url: https://review.opendev.org/c/openstack/keystone/+/856489

Url: https://review.opendev.org/c/openstack/keystone/+/828595

Url: https://opendev.org/openstack/keystone/commit/7859ed26003858ebfd9a5e866b43f1a6a9e83dca

Url: https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html

Url: https://review.opendev.org/c/openstack/keystone/+/803641

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3563

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1962908

Url: https://opendev.org/openstack/keystone

Url: https://security-tracker.debian.org/tracker/CVE-2021-3563

Url: https://www.mend.io/vulnerability-database/CVE-2021-3563

Severity Score

7.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3563

Date: August 26, 2022

Language: Python

Severity Score

Related Resources (12)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?