UBUNTU-CVE-2021-3563
- Source
- https://ubuntu.com/security/CVE-2021-3563
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-3563.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-3563
- Upstream
- Downstream
- Related
- Published
- 2022-08-26T16:15:00Z
- Modified
- 2025-12-12T08:52:10.176495Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
- References
Affected packages
Ubuntu:16.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone@2:9.3.0-0ubuntu3.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:8.*
2:8.0.0-0ubuntu1
2:9.*
2:9.0.0~b1-0ubuntu1
2:9.0.0~b2-0ubuntu1
2:9.0.0~b3-0ubuntu1
2:9.0.0~rc1-0ubuntu1
2:9.0.0-0ubuntu1
2:9.0.2-0ubuntu1
2:9.0.2-0ubuntu2
2:9.1.0-0ubuntu1
2:9.2.0-0ubuntu1
2:9.3.0-0ubuntu1
2:9.3.0-0ubuntu2
2:9.3.0-0ubuntu3
2:9.3.0-0ubuntu3.1
2:9.3.0-0ubuntu3.2
Ubuntu:18.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone@2:13.0.4-0ubuntu1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:12.*
2:12.0.0-0ubuntu1
2:13.*
2:13.0.0~b1-0ubuntu1
2:13.0.0~b2-0ubuntu1
2:13.0.0~b3-0ubuntu1
2:13.0.0~rc1-0ubuntu1
2:13.0.0~rc2-0ubuntu1
2:13.0.0-0ubuntu1
2:13.0.1-0ubuntu1
2:13.0.2-0ubuntu1
2:13.0.2-0ubuntu3
2:13.0.4-0ubuntu1
Ubuntu:20.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone@2:17.0.1-0ubuntu2?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:16.*
2:16.0.0-0ubuntu1
2:17.*
2:17.0.0~b1~git2019121613.db81fee63-0ubuntu1
2:17.0.0~b2~git2020020513.99733f172-0ubuntu1
2:17.0.0~b3~git2020032415.9f9040257-0ubuntu1
2:17.0.0~b3~git2020032415.9f9040257-0ubuntu2
2:17.0.0~b3~git2020041013.7bb6314e4-0ubuntu1
2:17.0.0-0ubuntu0.20.04.1
2:17.0.1-0ubuntu1
2:17.0.1-0ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:17.0.1-0ubuntu2",
"binary_name": "keystone"
},
{
"binary_version": "2:17.0.1-0ubuntu2",
"binary_name": "keystone-common"
},
{
"binary_version": "2:17.0.1-0ubuntu2",
"binary_name": "python3-keystone"
}
],
"priority_reason": "Upstream keystone developers have rated this to be a low severity issue"
}
Ubuntu:22.04:LTS / keystone
Package
- Name
- keystone
- Purl
- pkg:deb/ubuntu/keystone@2:21.0.1-0ubuntu2.1?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:21.0.1-0ubuntu2.1
Affected versions
2:20.*
2:20.0.0-0ubuntu1
2:20.0.0+git2021120815.2ddf8f321-0ubuntu1
2:20.0.0+git2022011217.771c943ad-0ubuntu1
2:20.0.0+git2022030313.a3fc9e7c3-0ubuntu1
2:21.*
2:21.0.0-0ubuntu1
2:21.0.1-0ubuntu1
2:21.0.1-0ubuntu2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:21.0.1-0ubuntu2.1",
"binary_name": "keystone"
},
{
"binary_version": "2:21.0.1-0ubuntu2.1",
"binary_name": "keystone-common"
},
{
"binary_version": "2:21.0.1-0ubuntu2.1",
"binary_name": "python3-keystone"
}
],
"availability": "No subscription required",
"priority_reason": "Upstream keystone developers have rated this to be a low severity issue"
}