| Vulnerability Name: | CVE-2013-2013 (CCN-87730) | ||||||||||||||||
| Assigned: | 2013-05-23 | ||||||||||||||||
| Published: | 2013-05-23 | ||||||||||||||||
| Updated: | 2017-09-19 | ||||||||||||||||
| Summary: | The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process. | ||||||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) 1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-2013 Source: CCN Type: OpenStack Web site Welcome to Keystone, the OpenStack Identity Service Source: CCN Type: oss-sec mailing list, Thu, 23 May 2013 20:52:12 +0000 Keystone client local information disclosure (CVE-2013-2013) Source: MLIST Type: Patch [oss-security] 20130523 [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) Source: CCN Type: BID-59504 OpenStack Keystone CVE-2013-2013 Password Information Disclosure Vulnerability Source: CONFIRM Type: UNKNOWN https://bugs.launchpad.net/python-keystoneclient/+bug/938315 Source: XF Type: UNKNOWN keystone-cve20132013-info-disclosure(87730) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:16937 Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-2013 | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||