{"id":"CVE-2021-3563","details":"A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.","aliases":["GHSA-cc99-whm5-mmq3"],"modified":"2026-05-28T04:05:06.535066026Z","published":"2022-08-26T16:15:08.867Z","database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","cpes":["cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"16.1"},{"last_affected":"16.2"}],"vendor_product":"redhat:openstack_platform"}]},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3563"},{"type":"REPORT","url":"https://bugs.launchpad.net/ossa/+bug/1901891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962908"},{"type":"REPORT","url":"https://security-tracker.debian.org/tracker/CVE-2021-3563"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/openstack/keystone","events":[{"introduced":"0"},{"last_affected":"339e7cc798aed24b7697980eb7cf8e20498d436d"},{"last_affected":"78adc33858509cac2f597f7e38a8f5f189ad2495"},{"last_affected":"847676854572e0c36535048b731f966590adb746"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack_platform:10.0:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"10.0"},{"last_affected":"11.0"},{"last_affected":"13.0"}]}}],"versions":["13.0.0.0rc2","13.0.0","13.0.0.0rc1","13.0.0.0b3","13.0.0.0b2","13.0.0.0b1","12.0.0.0rc1","12.0.0.0b3","12.0.0.0b2","12.0.0.0b1","11.0.0.0rc1","11.0.0","11.0.0.0b3","11.0.0.0b2","11.0.0.0b1","10.0.0.0rc3","10.0.0","10.0.0.0rc2","10.0.0.0rc1","10.0.0.0b3","10.0.0.0b2","10.0.0.0b1","9.0.0.0rc1","9.0.0.0b3","9.0.0.0b2","9.0.0.0b1","8.0.0.0rc1","8.0.0.0b3","8.0.0.0b1","8.0.0.0b2","8.0.0a0","2015.1.0rc1","2015.1.0b3","2015.1.0b2","2015.1.0b1","2014.2.rc1","2014.2.b3","2014.2.b2","2014.2.b1","2014.1.rc1","2014.1.b3","2014.1.b2","2014.1.b1","2013.2.rc1","2013.2.b3","2013.2.b1","grizzly-2","grizzly-1","folsom-rc1","folsom-2","folsom-1","essex-rc1","essex-4","2011.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3563.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}