CVE-2021-3563
keystone - security update
CVSS 3.1: 9.1 CRITICAL
EPSS: 0.04%
Description
A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some of the password complexity that administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.
How to fix CVE-2021-3563
To remediate CVE-2021-3563, upgrade the affected package to a fixed version below.
- —no fix listed
- —upgrade to 2:14.2.0-0+deb10u2 or later
- —no fix listed
Is CVE-2021-3563 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0
- from 0, < 2:14.2.0-0+deb10u2
- from 0, <= 21.0.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |