GHSA-cc99-whm5-mmq3

Source

https://github.com/advisories/GHSA-cc99-whm5-mmq3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-cc99-whm5-mmq3/GHSA-cc99-whm5-mmq3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-cc99-whm5-mmq3

Aliases

CVE-2021-3563

Published

2022-08-27T00:00:44Z

Modified

2024-01-22T20:30:57.174745Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Openstack Keystone Incorrect Authorization vulnerability

Details

A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is available.

References

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

21.0.0

Affected versions

12.*

12.0.2

12.0.3

13.*

13.0.2

13.0.3

13.0.4

14.*

14.0.0

14.0.1

14.1.0

14.2.0

15.*

15.0.0.0rc1

15.0.0.0rc2

15.0.0

15.0.1

16.*

16.0.0.0rc1

16.0.0.0rc2

16.0.0

16.0.1

16.0.2

17.*

17.0.0.0rc1

17.0.0.0rc2

17.0.0

17.0.1

18.*

18.0.0.0rc1

18.0.0

18.1.0

19.*

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.0.1

20.*

20.0.0.0rc1

20.0.0

20.0.1

21.*

21.0.0.0rc1

21.0.0