Local Information Disclosure in Keystone Client by OpenStack
CVE-2013-2013

Currently unrated

Key Information:

Vendor

Openstack
Status
Python-keystoneclient
Vendor
CVE Published:
1 October 2013

What is CVE-2013-2013?

The user-password-update command in the Keystone Client for OpenStack allows local users to exploit the --password argument to potentially expose sensitive information. This can be achieved by listing the process and retrieving passwords that should otherwise remain confidential. It is important for users of versions prior to 0.2.4 to be aware of this security flaw and implement necessary precautions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2013/05/23/4
mailing-listx_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
https://bugs.launchpad.net/python-keystoneclient/+bug/938315
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.