VDB
CVE-2021-3563
CVE-2021-3563
PUBLISHED
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
EPSS 0.04% · 12.8th percentile
Risk Scores
EPSS Score
0.04%
12.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | keystone | 0, 2:9.3.0-0ubuntu3.2, 2:9.3.0-0ubuntu3.1 |
| Ubuntu:18.04:LTS | keystone | 2:13.0.4-0ubuntu1, 0, 2:12.0.0-0ubuntu1 |
| Ubuntu:22.04:LTS | keystone | 2:21.0.1-0ubuntu1, 2:20.0.0+git2022030313.a3fc9e7c3-0ubuntu1, 2:20.0.0+git2022011217.771c943ad-0ubuntu1 |
| Ubuntu:Pro:20.04:LTS | keystone | 2:17.0.0-0ubuntu0.20.04.1, 2:17.0.0~b3~git2020041013.7bb6314e4-0ubuntu1, 0 |
Timeline
- Aug 26, 2022 CVE Published
- Aug 27, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
- Nov 26, 2022 EPSS Score
- Feb 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
- May 27, 2023 EPSS Score
- Jul 12, 2023 EPSS Score
- Aug 26, 2023 EPSS Score
- Nov 25, 2023 EPSS Score
- Jan 10, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-3563 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-3563 third-party-advisory
- https://ubuntu.com/security/notices/USN-7926-1 vendor-advisory