CVE-2013-2006

CWE-200 — Information Exposure16 documents8 sources

Severity

2.1LOW

EPSS

0.0%

top 88.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Keystone

Timeline

PublishedMay 21

Latest updateMay 17

Description

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/keystone2013.1.1

▶PyPIkeystone< 8.0.0a0

▶Debiankeystone< 2013.1.1-2+3

🔴Vulnerability Details

OSV

OpenStack Keystone Sensitive information disclosure via log files↗2022-05-17

▶

GHSA

OpenStack Keystone Sensitive information disclosure via log files↗2022-05-17

▶

OSV

CVE-2013-2006: OpenStack Identity (Keystone) Grizzly 2013↗2013-05-21

▶

CVEList

CVE-2013-2006: OpenStack Identity (Keystone) Grizzly 2013↗2013-05-21

▶

💥Exploits & PoCs

Exploit-DB

BlazeDVD 6.2 - '.plf' Local Buffer Overflow (SEH)↗2013-10-28

▶

Exploit-DB

BlazeDVD Pro Player 6.1 - Direct RET Local Stack Buffer Overflow↗2013-07-16

▶

Exploit-DB

Winamp 5.12 - '.m3u' Local Stack Buffer Overflow↗2013-06-17

▶

Exploit-DB

Allied Telesyn TFTP (AT-TFTP) Server/Daemon 2.0 - Stack Buffer Overflow (Denial of Service) (PoC)↗2013-04-12

▶

📋Vendor Advisories

Red Hat

kernel: xen: Information leak on XSAVE/XRSTOR capable AMD CPUs↗2013-06-03

▶

Red Hat

keystone: DEBUG level LDAP password disclosure in log files↗2013-04-19

▶

Debian

CVE-2013-2006: keystone - OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabl...↗2013

▶

💬Community

Bugzilla

CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files [epel-6]↗2013-04-25

▶

Bugzilla

CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files [fedora-all]↗2013-04-25

▶

Bugzilla

CVE-2013-2006 OpenStack keystone: DEBUG level LDAP password disclosure in log files↗2013-04-24

▶

Bugzilla

CVE-2013-1977 openstack-keystone: Insecure management of LDAP and admin_token configuration file values↗2013-04-19

▶