[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-38155":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":346,"aliases":356,"duplicate_of":9,"upstream":358,"downstream":359,"duplicates":370,"related":371,"reserved_at":9,"published_at":374,"modified_at":375,"state":376,"summary":377,"references_raw":385,"kevs":432,"epss":433,"epss_history":436,"metrics":695,"affected":707},"CVE-2021-38155","OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-307","Improper Restriction of Excessive Authentication Attempts","The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.","weakness","Draft","Base",[19,23,105,164,249,284,342],{"id":20,"name":21,"techniques":22},"CAPEC-16","Dictionary-based Password Attack",[],{"id":24,"name":25,"techniques":26},"CAPEC-49","Password Brute Forcing",[27],{"id":28,"name":29,"tactics":30,"countermeasures":34},"T1110.001","Password Guessing",[31],{"id":32,"name":33},"TA0031","Credential Access",[35,40,44,48,53,57,62,67,71,75,79,83,87,91,95,100],{"id":36,"name":37,"tactic":38},"D3-CCSA","Credential Compromise Scope Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-AEM","Application Exception Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-OPM","Operational Process Monitoring",{"name":39},{"id":49,"name":50,"tactic":51},"D3-CR","Credential Revocation",{"name":52},"Evict",{"id":54,"name":55,"tactic":56},"D3-ANCI","Authentication Cache Invalidation",{"name":52},{"id":58,"name":59,"tactic":60},"D3-DUC","Decoy User Credential",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-CH","Credential Hardening",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-MFA","Multi-factor Authentication",{"name":66},{"id":72,"name":73,"tactic":74},"D3-CRO","Credential Rotation",{"name":66},{"id":76,"name":77,"tactic":78},"D3-PR","Password Rotation",{"name":66},{"id":80,"name":81,"tactic":82},"D3-PWA","Password Authentication",{"name":66},{"id":84,"name":85,"tactic":86},"D3-CDP","Change Default Password",{"name":66},{"id":88,"name":89,"tactic":90},"D3-SPP","Strong Password Policy",{"name":66},{"id":92,"name":93,"tactic":94},"D3-OTP","One-time Password",{"name":66},{"id":96,"name":97,"tactic":98},"D3-RIC","Reissue Credential",{"name":99},"Restore",{"id":101,"name":102,"tactic":103},"D3-CTS","Credential Transmission Scoping",{"name":104},"Isolate",{"id":106,"name":107,"techniques":108},"CAPEC-560","Use of Known Domain Credentials",[109],{"id":110,"name":111,"tactics":112,"countermeasures":128},"T1078","Valid Accounts",[113,116,119,122,125],{"id":114,"name":115},"TA0030","Defense Evasion",{"id":117,"name":118},"TA0005","Stealth",{"id":120,"name":121},"TA0110","Persistence",{"id":123,"name":124},"TA0111","Privilege Escalation",{"id":126,"name":127},"TA0108","Initial Access",[129,134,138,142,146,150,152,156,160],{"id":130,"name":131,"tactic":132},"D3-AM","Access Modeling",{"name":133},"Model",{"id":135,"name":136,"tactic":137},"D3-LAM","Local Account Monitoring",{"name":39},{"id":139,"name":140,"tactic":141},"D3-DAM","Domain Account Monitoring",{"name":39},{"id":143,"name":144,"tactic":145},"D3-AL","Account Locking",{"name":52},{"id":147,"name":148,"tactic":149},"D3-AA","Agent Authentication",{"name":66},{"id":84,"name":85,"tactic":151},{"name":66},{"id":153,"name":154,"tactic":155},"D3-ULA","Unlock Account",{"name":99},{"id":157,"name":158,"tactic":159},"D3-RUAA","Restore User Account Access",{"name":99},{"id":161,"name":162,"tactic":163},"D3-UAP","User Account Permissions",{"name":104},{"id":165,"name":166,"techniques":167},"CAPEC-565","Password Spraying",[168],{"id":169,"name":166,"tactics":170,"countermeasures":172},"T1110.003",[171],{"id":32,"name":33},[173,175,177,179,183,187,191,195,199,203,207,211,215,219,221,223,225,227,229,231,233,235,237,239,241,243,245],{"id":36,"name":37,"tactic":174},{"name":39},{"id":41,"name":42,"tactic":176},{"name":39},{"id":45,"name":46,"tactic":178},{"name":39},{"id":180,"name":181,"tactic":182},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":39},{"id":184,"name":185,"tactic":186},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":39},{"id":188,"name":189,"tactic":190},"D3-CSPP","Client-server Payload Profiling",{"name":39},{"id":192,"name":193,"tactic":194},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":39},{"id":196,"name":197,"tactic":198},"D3-NTSA","Network Traffic Signature Analysis",{"name":39},{"id":200,"name":201,"tactic":202},"D3-APCA","Application Protocol Command Analysis",{"name":39},{"id":204,"name":205,"tactic":206},"D3-NTCD","Network Traffic Community Deviation",{"name":39},{"id":208,"name":209,"tactic":210},"D3-RTSD","Remote Terminal Session Detection",{"name":39},{"id":212,"name":213,"tactic":214},"D3-CAA","Connection Attempt Analysis",{"name":39},{"id":216,"name":217,"tactic":218},"D3-ANAA","Administrative Network Activity Analysis",{"name":39},{"id":49,"name":50,"tactic":220},{"name":52},{"id":54,"name":55,"tactic":222},{"name":52},{"id":58,"name":59,"tactic":224},{"name":61},{"id":63,"name":64,"tactic":226},{"name":66},{"id":68,"name":69,"tactic":228},{"name":66},{"id":72,"name":73,"tactic":230},{"name":66},{"id":76,"name":77,"tactic":232},{"name":66},{"id":80,"name":81,"tactic":234},{"name":66},{"id":84,"name":85,"tactic":236},{"name":66},{"id":88,"name":89,"tactic":238},{"name":66},{"id":92,"name":93,"tactic":240},{"name":66},{"id":96,"name":97,"tactic":242},{"name":99},{"id":101,"name":102,"tactic":244},{"name":104},{"id":246,"name":247,"tactic":248},"D3-NTF","Network Traffic Filtering",{"name":104},{"id":250,"name":251,"techniques":252},"CAPEC-600","Credential Stuffing",[253],{"id":254,"name":251,"tactics":255,"countermeasures":257},"T1110.004",[256],{"id":32,"name":33},[258,260,262,264,266,268,270,272,274,276,278,280,282],{"id":41,"name":42,"tactic":259},{"name":39},{"id":45,"name":46,"tactic":261},{"name":39},{"id":180,"name":181,"tactic":263},{"name":39},{"id":184,"name":185,"tactic":265},{"name":39},{"id":188,"name":189,"tactic":267},{"name":39},{"id":192,"name":193,"tactic":269},{"name":39},{"id":196,"name":197,"tactic":271},{"name":39},{"id":200,"name":201,"tactic":273},{"name":39},{"id":204,"name":205,"tactic":275},{"name":39},{"id":208,"name":209,"tactic":277},{"name":39},{"id":212,"name":213,"tactic":279},{"name":39},{"id":216,"name":217,"tactic":281},{"name":39},{"id":246,"name":247,"tactic":283},{"name":104},{"id":285,"name":286,"techniques":287},"CAPEC-652","Use of Known Kerberos Credentials",[288],{"id":289,"name":290,"tactics":291,"countermeasures":293},"T1558","Steal or Forge Kerberos Tickets",[292],{"id":32,"name":33},[294,296,298,300,302,304,306,308,310,312,316,318,320,322,324,326,328,332,336,338,340],{"id":180,"name":181,"tactic":295},{"name":39},{"id":184,"name":185,"tactic":297},{"name":39},{"id":188,"name":189,"tactic":299},{"name":39},{"id":192,"name":193,"tactic":301},{"name":39},{"id":196,"name":197,"tactic":303},{"name":39},{"id":200,"name":201,"tactic":305},{"name":39},{"id":204,"name":205,"tactic":307},{"name":39},{"id":208,"name":209,"tactic":309},{"name":39},{"id":36,"name":37,"tactic":311},{"name":39},{"id":313,"name":314,"tactic":315},"D3-RTA","RPC Traffic Analysis",{"name":39},{"id":49,"name":50,"tactic":317},{"name":52},{"id":54,"name":55,"tactic":319},{"name":52},{"id":58,"name":59,"tactic":321},{"name":61},{"id":63,"name":64,"tactic":323},{"name":66},{"id":68,"name":69,"tactic":325},{"name":66},{"id":72,"name":73,"tactic":327},{"name":66},{"id":329,"name":330,"tactic":331},"D3-TB","Token Binding",{"name":66},{"id":333,"name":334,"tactic":335},"D3-TBA","Token-based Authentication",{"name":66},{"id":96,"name":97,"tactic":337},{"name":99},{"id":246,"name":247,"tactic":339},{"name":104},{"id":101,"name":102,"tactic":341},{"name":104},{"id":343,"name":344,"techniques":345},"CAPEC-653","Use of Known Operating System Credentials",[],[347],{"_key":348,"name":349,"source":350,"url":351,"maturity":352,"reliability_score":353,"verified":354,"type":9,"platforms":355,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_3FF2D47E2EED30D0","Exploit Reference (launchpad.net)","reference","https://launchpad.net/bugs/1688137","unknown",0.2,false,[],[357],"GHSA-4225-97pr-rr52",[],[360,362,364,366,368],{"_key":361},"SUSE-SU-2022:1654-1",{"_key":363},"SUSE-SU-2022:1729-1",{"_key":365},"UBUNTU-CVE-2021-38155",{"_key":367},"DLA-3714-1",{"_key":369},"DEBIAN-CVE-2021-38155",[],[372,373],{"_key":361},{"_key":363},"2021-08-06T00:00:00.000Z","2024-08-04T01:37:16.259Z","Modified",{"cisa_kev":354,"cisa_ransomware":354,"cisa_vendor":9,"epss_severity":378,"epss_score":379,"severity":380,"severity_score":381,"severity_version":382,"severity_source":383,"severity_vector":384,"severity_status":376},"low",0.00737,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[386,396,401,406,410,415,419,423,427],{"url":351,"sources":387,"tags":390},[388,383,389],"cve.org","osv_pypi",[391,392,393,394,395],"Exploit","Issue Tracking","Patch","Third Party Advisory","WEB",{"url":397,"sources":398,"tags":399},"https://security.openstack.org/ossa/OSSA-2021-003.html",[388,383,389],[393,400,395],"Vendor Advisory",{"url":402,"sources":403,"tags":404},"http://www.openwall.com/lists/oss-security/2021/08/10/5",[388,383,389],[405,393,394,395],"Mailing List",{"url":407,"sources":408,"tags":409},"https://lists.debian.org/debian-lts-announce/2024/01/msg00007.html",[388,383,389],[405,395],{"url":411,"sources":412,"tags":413},"https://nvd.nist.gov/vuln/detail/CVE-2021-38155",[389],[414],"Advisory",{"url":416,"sources":417,"tags":418},"https://github.com/openstack/keystone/commit/1b573ae7d1c20e0ebfbde79bbe7538a09589c75d",[389],[395],{"url":420,"sources":421,"tags":422},"https://github.com/openstack/keystone/commit/8ab4eb27be4c13c9bab2b3ea700f00a190521bf8",[389],[395],{"url":424,"sources":425,"tags":426},"https://github.com/openstack/keystone/commit/ac2631ae33445877094cdae796fbcdce8833a626",[389],[395],{"url":428,"sources":429,"tags":430},"https://github.com/openstack/keystone",[389],[431],"PACKAGE",[],{"date":434,"score":379,"percentile":435},"2026-06-04",0.73209,[437,441,444,447,450,453,455,457,460,463,466,469,472,474,477,481,484,487,490,493,496,498,501,504,507,510,512,515,518,521,524,527,529,532,534,536,539,542,545,548,551,554,557,561,564,567,570,573,576,579,581,584,587,590,593,596,599,602,604,607,610,613,616,619,622,625,628,631,634,637,640,642,644,647,650,653,656,658,661,664,667,670,673,676,679,682,685,687,689,692],{"date":438,"score":439,"percentile":440},"2025-11-04",0.01067,0.76998,{"date":442,"score":439,"percentile":443},"2025-11-05",0.76999,{"date":445,"score":439,"percentile":446},"2025-11-06",0.76996,{"date":448,"score":439,"percentile":449},"2025-11-07",0.7701,{"date":451,"score":439,"percentile":452},"2025-11-08",0.77014,{"date":454,"score":439,"percentile":449},"2025-11-09",{"date":456,"score":439,"percentile":440},"2025-11-10",{"date":458,"score":439,"percentile":459},"2025-11-11",0.77,{"date":461,"score":439,"percentile":462},"2025-11-12",0.77018,{"date":464,"score":439,"percentile":465},"2025-11-13",0.77027,{"date":467,"score":439,"percentile":468},"2025-11-14",0.77034,{"date":470,"score":439,"percentile":471},"2025-11-15",0.77029,{"date":473,"score":439,"percentile":465},"2025-11-16",{"date":475,"score":439,"percentile":476},"2025-11-17",0.77019,{"date":478,"score":479,"percentile":480},"2025-11-18",0.01303,0.78006,{"date":482,"score":479,"percentile":483},"2025-11-19",0.78014,{"date":485,"score":479,"percentile":486},"2025-11-20",0.78022,{"date":488,"score":439,"percentile":489},"2025-11-21",0.77047,{"date":491,"score":439,"percentile":492},"2025-11-22",0.77046,{"date":494,"score":439,"percentile":495},"2025-11-23",0.77032,{"date":497,"score":439,"percentile":495},"2025-11-24",{"date":499,"score":439,"percentile":500},"2025-11-25",0.77039,{"date":502,"score":439,"percentile":503},"2025-11-26",0.77045,{"date":505,"score":439,"percentile":506},"2025-11-27",0.77048,{"date":508,"score":439,"percentile":509},"2025-11-28",0.77038,{"date":511,"score":439,"percentile":492},"2025-11-29",{"date":513,"score":439,"percentile":514},"2025-11-30",0.77044,{"date":516,"score":439,"percentile":517},"2025-12-01",0.77155,{"date":519,"score":439,"percentile":520},"2025-12-02",0.77165,{"date":522,"score":439,"percentile":523},"2025-12-03",0.77153,{"date":525,"score":439,"percentile":526},"2025-12-04",0.7704,{"date":528,"score":439,"percentile":506},"2025-12-05",{"date":530,"score":439,"percentile":531},"2025-12-06",0.77053,{"date":533,"score":439,"percentile":506},"2025-12-07",{"date":535,"score":439,"percentile":531},"2025-12-08",{"date":537,"score":439,"percentile":538},"2025-12-09",0.77079,{"date":540,"score":439,"percentile":541},"2025-12-10",0.77106,{"date":543,"score":439,"percentile":544},"2025-12-11",0.77123,{"date":546,"score":439,"percentile":547},"2025-12-12",0.77143,{"date":549,"score":439,"percentile":550},"2025-12-13",0.77144,{"date":552,"score":439,"percentile":553},"2025-12-14",0.77141,{"date":555,"score":439,"percentile":556},"2025-12-15",0.77136,{"date":558,"score":559,"percentile":560},"2025-12-16",0.01158,0.7804,{"date":562,"score":559,"percentile":563},"2025-12-17",0.78049,{"date":565,"score":559,"percentile":566},"2025-12-18",0.78066,{"date":568,"score":559,"percentile":569},"2025-12-19",0.78077,{"date":571,"score":559,"percentile":572},"2025-12-20",0.7807,{"date":574,"score":559,"percentile":575},"2025-12-21",0.78064,{"date":577,"score":559,"percentile":578},"2025-12-22",0.78067,{"date":580,"score":559,"percentile":572},"2025-12-23",{"date":582,"score":559,"percentile":583},"2025-12-24",0.78082,{"date":585,"score":559,"percentile":586},"2025-12-25",0.78101,{"date":588,"score":559,"percentile":589},"2025-12-26",0.78099,{"date":591,"score":559,"percentile":592},"2025-12-27",0.78147,{"date":594,"score":559,"percentile":595},"2025-12-28",0.78088,{"date":597,"score":559,"percentile":598},"2025-12-29",0.78083,{"date":600,"score":559,"percentile":601},"2025-12-30",0.78089,{"date":603,"score":559,"percentile":586},"2025-12-31",{"date":605,"score":559,"percentile":606},"2026-01-01",0.78219,{"date":608,"score":559,"percentile":609},"2026-01-02",0.7822,{"date":611,"score":559,"percentile":612},"2026-01-03",0.78218,{"date":614,"score":559,"percentile":615},"2026-01-04",0.78102,{"date":617,"score":559,"percentile":618},"2026-01-05",0.78097,{"date":620,"score":559,"percentile":621},"2026-01-06",0.78107,{"date":623,"score":559,"percentile":624},"2026-01-07",0.78113,{"date":626,"score":559,"percentile":627},"2026-01-08",0.78122,{"date":629,"score":559,"percentile":630},"2026-01-09",0.78124,{"date":632,"score":559,"percentile":633},"2026-01-10",0.78126,{"date":635,"score":559,"percentile":636},"2026-01-11",0.78117,{"date":638,"score":559,"percentile":639},"2026-01-12",0.78104,{"date":641,"score":559,"percentile":586},"2026-01-13",{"date":643,"score":559,"percentile":627},"2026-01-14",{"date":645,"score":559,"percentile":646},"2026-01-15",0.78125,{"date":648,"score":559,"percentile":649},"2026-01-16",0.78133,{"date":651,"score":559,"percentile":652},"2026-01-17",0.78139,{"date":654,"score":559,"percentile":655},"2026-01-18",0.78134,{"date":657,"score":559,"percentile":649},"2026-01-19",{"date":659,"score":559,"percentile":660},"2026-01-20",0.78127,{"date":662,"score":559,"percentile":663},"2026-01-21",0.78132,{"date":665,"score":559,"percentile":666},"2026-01-22",0.7814,{"date":668,"score":559,"percentile":669},"2026-01-23",0.78166,{"date":671,"score":559,"percentile":672},"2026-01-24",0.78178,{"date":674,"score":559,"percentile":675},"2026-01-25",0.78172,{"date":677,"score":559,"percentile":678},"2026-01-26",0.78165,{"date":680,"score":559,"percentile":681},"2026-01-27",0.78163,{"date":683,"score":559,"percentile":684},"2026-01-28",0.78167,{"date":686,"score":559,"percentile":681},"2026-01-29",{"date":688,"score":559,"percentile":684},"2026-01-30",{"date":690,"score":559,"percentile":691},"2026-01-31",0.78169,{"date":693,"score":559,"percentile":694},"2026-02-01",0.78279,[696,705],{"source":383,"cvss_v2_0":697,"cvss_v3_0":9,"cvss_v3_1":702,"cvss_v4_0":9},{"baseScore":698,"baseSeverity":9,"vectorString":699,"impactScore":700,"exploitabilityScore":701},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":381,"baseSeverity":703,"vectorString":384,"impactScore":704,"exploitabilityScore":701},"HIGH",6,{"source":389,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":706,"cvss_v4_0":9},{"baseScore":381,"baseSeverity":9,"vectorString":384,"impactScore":704,"exploitabilityScore":701},[708,733],{"ecosystem":9,"name":709,"vendor":710,"product":709,"cpe_part":711,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":712},"keystone","openstack","a",[713,721,725,729],{"version":714,"is_range":715,"range_type":716,"version_start":717,"version_start_type":718,"version_end":719,"version_end_type":720,"fixed_in":9},"gte10.0.0_lt16.0.2",true,"cpe","10.0.0","including","16.0.2","excluding",{"version":722,"is_range":715,"range_type":716,"version_start":723,"version_start_type":718,"version_end":724,"version_end_type":720,"fixed_in":9},"gte17.0.0_lt17.0.1","17.0.0","17.0.1",{"version":726,"is_range":715,"range_type":716,"version_start":727,"version_start_type":718,"version_end":728,"version_end_type":720,"fixed_in":9},"gte18.0.0_lt18.0.1","18.0.0","18.0.1",{"version":730,"is_range":715,"range_type":716,"version_start":731,"version_start_type":718,"version_end":732,"version_end_type":720,"fixed_in":9},"gte19.0.0_lt19.0.1","19.0.0","19.0.1",{"ecosystem":734,"name":709,"vendor":734,"product":709,"cpe_part":9,"purl_type":735,"purl_namespace":9,"purl_name":709,"source":9,"versions":736},"PyPI","pypi",[737,741,744,747],{"version":738,"is_range":715,"range_type":739,"version_start":740,"version_start_type":718,"version_end":719,"version_end_type":720,"fixed_in":9},"gte10_0_lt16_0_2","ecosystem","10.0",{"version":742,"is_range":715,"range_type":739,"version_start":743,"version_start_type":718,"version_end":724,"version_end_type":720,"fixed_in":9},"gte17_0_lt17_0_1","17.0",{"version":745,"is_range":715,"range_type":739,"version_start":746,"version_start_type":718,"version_end":728,"version_end_type":720,"fixed_in":9},"gte18_0_lt18_0_1","18.0",{"version":748,"is_range":715,"range_type":739,"version_start":749,"version_start_type":718,"version_end":732,"version_end_type":720,"fixed_in":9},"gte19_0_lt19_0_1","19.0"]