Local Information Disclosure in Keystone Client by OpenStack
CVE-2013-2013

Currently unrated

Key Information:

Vendor
OpenStack
CVE Published:
1 October 2013

Summary

The user-password-update command in the Keystone Client for OpenStack accepts a password through the --password argument. Because command-line arguments appear in the process list, a local user can list running processes and read a password that should otherwise remain confidential. Versions prior to 0.2.4 are affected; users of those versions should be aware of this flaw and take the necessary precautions.
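The following is an added example, not code from OpenStack or from this advisory. It audits an argument vector (in the NUL-separated layout of Linux `/proc/<pid>/cmdline`) for a secret passed through `--password`, redacts it for logging, and sketches a prompt-based alternative. The function names, the sample command line and the `USER_ID` and `EXAMPLE-ONLY` values are constructed for illustration.

```python
import getpass

SECRET_FLAG = "--password"  # flag named in the summary above

# Constructed sample in Linux /proc/<pid>/cmdline layout (NUL-separated argv).
SAMPLE_CMDLINE = b"keystone\0user-password-update\0--password\0EXAMPLE-ONLY\0USER_ID\0"


def parse_cmdline(raw):
    """Split a NUL-separated argv buffer into a list of strings."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]


def exposed_secret_args(argv):
    """Return the argv indexes whose value is a password visible in `ps`."""
    hits, i = [], 0
    while i < len(argv):
        if argv[i] == SECRET_FLAG and i + 1 < len(argv):
            hits.append(i + 1)  # form: --password VALUE
            i += 1              # skip the value itself
        elif argv[i].startswith(SECRET_FLAG + "=") and argv[i] != SECRET_FLAG + "=":
            hits.append(i)      # form: --password=VALUE
        i += 1
    return hits


def redact(argv):
    """Return a copy of argv that is safe to write to an audit log."""
    out = list(argv)
    for i in exposed_secret_args(argv):
        spaced = i > 0 and out[i - 1] == SECRET_FLAG  # value follows the flag
        out[i] = "<redacted>" if spaced else SECRET_FLAG + "=<redacted>"
    return out


def read_password(argv, prompt=getpass.getpass):
    """Mitigation sketch: refuse a secret in argv and prompt on the TTY instead."""
    if exposed_secret_args(argv):
        raise SystemExit("password on the command line is visible to local users; "
                         "omit " + SECRET_FLAG + " to be prompted")
    return prompt("New password: ")


if __name__ == "__main__":
    print(" ".join(redact(parse_cmdline(SAMPLE_CMDLINE))))
```

Refusing the flag does not undo an exposure that occurred while the process was running; a password that was passed this way should be changed.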

Timeline

  • Vulnerability published

  • Vulnerability Reserved