PT-2021-19816 · Unknown · Keystone 5

Dcousens +1 · Published 2021-05-24 · Updated 2021-05-28 · CVE-2021-32624

CVSS v3.1: 7.5 High

Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Keystone 5 (affected versions not specified)

Description

This issue relates to a newly discovered capability in the query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. It is an access-control-related oracle attack that guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value metadata can be determined, despite the field or list having read access control configured. If you use private fields or lists, you may be impacted.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2021-32624
GHSA-27G8-R9VW-765X

Affected Products

Keystone 5