What is CVE-2021-3563?

CVE-2021-3563 is a high-severity vulnerability in Openstack Keystone, classified under Incorrect Authorization. CVSS score: 7.4/10. Published 2022-08-26.

How severe is CVE-2021-3563?

High severity. CVSS v3 base score is 7.4 out of 10.

Auth bypass in Openstack Keystone

CVE-2021-3563

A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerabili…

Vulnerability class: Broken Access Control

EPSS: 0.013 (66.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Openstack Keystone
Debian Debian_linux — versions 10.0, 11.0
Redhat Openstack_platform — versions 10.0, 13.0, 16.1
N/a Keystone — versions Not-known

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

secalert@redhat.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Exploit, Third Party Advisory, x_refsource_MISC, Issue Tracking, Vendor Advisory)
secalert@redhat.com (Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com (Exploit, Third Party Advisory, x_refsource_MISC, Issue Tracking)
secalert@redhat.com

Frequently asked questions

What is CVE-2021-3563?: CVE-2021-3563 is a high-severity vulnerability in Openstack Keystone, classified under Incorrect Authorization. CVSS score: 7.4/10. Published 2022-08-26.
How severe is CVE-2021-3563?: High severity. CVSS v3 base score is 7.4 out of 10.