PyPi: Keystone

CVE-2021-3563

Safety vulnerability ID: 50789


Created at Aug 26, 2022 Updated at Nov 29, 2024

Advisory

Keystone is affected by CVE-2021-3563: only the first 72 characters of an application secret are verified, allowing attackers to bypass some of the password complexity that administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
https://bugs.launchpad.net/ossa/+bug/1901891

Affected package

keystone

Latest version: 26.0.0

OpenStack Identity

Affected versions

Fixed versions

Vulnerability changelog

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some of the password complexity that administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. See CVE-2021-3563.

References:
- https://access.redhat.com/security/cve/CVE-2021-3563
- https://bugs.launchpad.net/ossa/+bug/1901891
- https://bugzilla.redhat.com/show_bug.cgi?id=1962908
- https://security-tracker.debian.org/tracker/CVE-2021-3563


Severity Details

CVSS v3 Base Score: HIGH 7.4

Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): NONE