Oval Definition:oval:org.opensuse.security:def:202138155
Revision Date:2022-05-22Version:1
Title:CVE-2021-38155
Description:

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-38155
SUSE CVE-2021-38155
SUSE-SU-2022:1654-1
SUSE-SU-2022:1729-1
Platform(s):SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • AND
  • ardana-barbican-9.0+git.1644879908.8a641c1-3.13.1 is installed
  • OR grafana-6.7.4-3.26.1 is installed
  • OR openstack-barbican-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-api-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-retry-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-worker-7.0.1~dev24-3.14.1 is installed
  • OR openstack-cinder-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-api-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-backup-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-scheduler-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-volume-13.0.10~dev24-3.34.2 is installed
  • OR openstack-heat-gbp-14.0.1~dev4-3.9.1 is installed
  • OR openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1 is installed
  • OR openstack-ironic-11.1.5~dev18-3.28.2 is installed
  • OR openstack-ironic-api-11.1.5~dev18-3.28.2 is installed
  • OR openstack-ironic-conductor-11.1.5~dev18-3.28.2 is installed
  • OR openstack-keystone-14.2.1~dev9-3.28.2 is installed
  • OR openstack-neutron-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-gbp-14.0.1~dev33-3.31.1 is installed
  • OR openstack-neutron-ha-tool-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-l3-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-metering-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-server-13.0.8~dev206-3.40.1 is installed
  • OR python-Pillow-5.2.0-3.17.1 is installed
  • OR python-XStatic-jquery-ui-1.13.0.1-4.3.1 is installed
  • OR python-barbican-7.0.1~dev24-3.14.1 is installed
  • OR python-cinder-13.0.10~dev24-3.34.2 is installed
  • OR python-heat-gbp-14.0.1~dev4-3.9.1 is installed
  • OR python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1 is installed
  • OR python-ironic-11.1.5~dev18-3.28.2 is installed
  • OR python-keystone-14.2.1~dev9-3.28.2 is installed
  • OR python-lxml-4.2.4-3.3.1 is installed
  • OR python-neutron-13.0.8~dev206-3.40.1 is installed
  • OR python-neutron-gbp-14.0.1~dev33-3.31.1 is installed
  • OR release-notes-suse-openstack-cloud-9.20220413-3.30.1 is installed
  • OR venv-openstack-barbican-x86_64-7.0.1~dev24-3.35.2 is installed
  • OR venv-openstack-cinder-x86_64-13.0.10~dev24-3.38.1 is installed
  • OR venv-openstack-designate-x86_64-7.0.2~dev2-3.35.1 is installed
  • OR venv-openstack-glance-x86_64-17.0.1~dev30-3.33.1 is installed
  • OR venv-openstack-heat-x86_64-11.0.4~dev4-3.35.1 is installed
  • OR venv-openstack-horizon-x86_64-14.1.1~dev11-4.39.1 is installed
  • OR venv-openstack-ironic-x86_64-11.1.5~dev18-4.33.1 is installed
  • OR venv-openstack-keystone-x86_64-14.2.1~dev9-3.36.1 is installed
  • OR venv-openstack-magnum-x86_64-7.2.1~dev1-4.35.1 is installed
  • OR venv-openstack-manila-x86_64-7.4.2~dev60-3.41.1 is installed
  • OR venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.35.1 is installed
  • OR venv-openstack-monasca-x86_64-2.7.1~dev10-3.37.1 is installed
  • OR venv-openstack-neutron-x86_64-13.0.8~dev206-6.39.1 is installed
  • OR venv-openstack-nova-x86_64-18.3.1~dev91-3.39.1 is installed
  • OR venv-openstack-octavia-x86_64-3.2.3~dev7-4.35.1 is installed
  • OR venv-openstack-sahara-x86_64-9.0.2~dev15-3.35.1 is installed
  • OR venv-openstack-swift-x86_64-2.19.2~dev48-2.30.1 is installed
  • OR Package Information
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND
  • grafana-6.7.4-3.26.1 is installed
  • OR openstack-barbican-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-api-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-keystone-listener-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-retry-7.0.1~dev24-3.14.1 is installed
  • OR openstack-barbican-worker-7.0.1~dev24-3.14.1 is installed
  • OR openstack-cinder-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-api-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-backup-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-scheduler-13.0.10~dev24-3.34.2 is installed
  • OR openstack-cinder-volume-13.0.10~dev24-3.34.2 is installed
  • OR openstack-heat-gbp-14.0.1~dev4-3.9.1 is installed
  • OR openstack-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1 is installed
  • OR openstack-ironic-11.1.5~dev18-3.28.2 is installed
  • OR openstack-ironic-api-11.1.5~dev18-3.28.2 is installed
  • OR openstack-ironic-conductor-11.1.5~dev18-3.28.2 is installed
  • OR openstack-keystone-14.2.1~dev9-3.28.2 is installed
  • OR openstack-neutron-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-dhcp-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-gbp-14.0.1~dev33-3.31.1 is installed
  • OR openstack-neutron-ha-tool-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-l3-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-linuxbridge-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-macvtap-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-metadata-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-metering-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-openvswitch-agent-13.0.8~dev206-3.40.1 is installed
  • OR openstack-neutron-server-13.0.8~dev206-3.40.1 is installed
  • OR python-Pillow-5.2.0-3.17.1 is installed
  • OR python-XStatic-jquery-ui-1.13.0.1-4.3.1 is installed
  • OR python-barbican-7.0.1~dev24-3.14.1 is installed
  • OR python-cinder-13.0.10~dev24-3.34.2 is installed
  • OR python-heat-gbp-14.0.1~dev4-3.9.1 is installed
  • OR python-horizon-plugin-gbp-ui-14.0.1~dev3-3.9.1 is installed
  • OR python-ironic-11.1.5~dev18-3.28.2 is installed
  • OR python-keystone-14.2.1~dev9-3.28.2 is installed
  • OR python-lxml-4.2.4-3.3.1 is installed
  • OR python-neutron-13.0.8~dev206-3.40.1 is installed
  • OR python-neutron-gbp-14.0.1~dev33-3.31.1 is installed
  • OR release-notes-suse-openstack-cloud-9.20220413-3.30.1 is installed
  • OR ruby2.1-rubygem-sinatra-1.4.6-4.3.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 8 is installed
  • AND
  • documentation-suse-openstack-cloud-installation-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-operations-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-opsconsole-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-planning-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-security-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-supplement-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-upstream-admin-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-upstream-user-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-user-8.20211112-1.38.1 is installed
  • OR kibana-4.6.6-3.12.1 is installed
  • OR openstack-keystone-12.0.4~dev11-5.36.1 is installed
  • OR openstack-keystone-doc-12.0.4~dev11-5.36.1 is installed
  • OR openstack-monasca-notification-1.10.2~dev4-3.9.1 is installed
  • OR python-keystone-12.0.4~dev11-5.36.1 is installed
  • OR python-monasca-notification-1.10.2~dev4-3.9.1 is installed
  • OR venv-openstack-keystone-x86_64-12.0.4~dev11-11.45.1 is installed
  • OR venv-openstack-monasca-x86_64-2.2.2~dev1-11.45.1 is installed
  • OR Package Information
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND
  • documentation-suse-openstack-cloud-deployment-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-supplement-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-upstream-admin-8.20211112-1.38.1 is installed
  • OR documentation-suse-openstack-cloud-upstream-user-8.20211112-1.38.1 is installed
  • OR kibana-4.6.6-3.12.1 is installed
  • OR openstack-keystone-12.0.4~dev11-5.36.1 is installed
  • OR openstack-keystone-doc-12.0.4~dev11-5.36.1 is installed
  • OR openstack-monasca-notification-1.10.2~dev4-3.9.1 is installed
  • OR python-keystone-12.0.4~dev11-5.36.1 is installed
  • OR python-monasca-notification-1.10.2~dev4-3.9.1 is installed
    • BACK