CVE-2013-2013 — Sensitive Information Exposure in Python-keystoneclient

CWE-200 — Sensitive Information Exposure CWE-79 — Cross-site Scripting CWE-862 — Missing Authorization CWE-476 — NULL Pointer Dereference CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer61 documents13 sources

Severity

2.1LOWNVD

GHSA4.3

EPSS

0.1%

top 79.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Python-keystoneclient

Timeline

PublishedOct 1

Latest updateMay 17

Description

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDopenstack/python-keystoneclient0.2.3+1

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

python-keystoneclient unsecure user password update↗2022-05-17

▶

OSV

python-keystoneclient unsecure user password update↗2022-05-17

▶

GHSA

Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet↗2022-05-17

▶

CVEList

CVE-2013-2013: The user-password-update command in python-keystoneclient before 0↗2013-10-01

▶

OSV

CVE-2013-2013: The user-password-update command in python-keystoneclient before 0↗2013-10-01

▶

💥Exploits & PoCs

Exploit-DB

iScripts AutoHoster - 'id' Local File Inclusion↗2013-12-15

▶

Exploit-DB

vBulletin 4.1.x - '/install/upgrade.php' Security Bypass↗2013-10-13

▶

📋Vendor Advisories

Red Hat

openstack-nova: RBAC policy not properly enforced in Nova EC2 API↗2014-04-09

▶

Red Hat

php: multiple vulnerabilities in gdImageCrop()↗2014-02-06

▶

Red Hat

krb5: KDC remote DoS (NULL pointer dereference and daemon crash)↗2013-11-04

▶

Red Hat

Gatein: JGroups configurations enable diagnostics without authentication↗2013-10-16

▶

Cisco

Cisco Secure Access Control System Administration Page Cross-Site Scripting Vulnerability↗2013-07-15

▶

💬Community

Bugzilla

CVE-2013-6668 v8: multiple vulnerabilities in v8 fixed in Google Chrome version 3.24.35.10 [epel-6]↗2014-03-11

▶

Bugzilla

CVE-2013-7027 Kernel: wireless: radiotap: parsing buffer overrun↗2013-12-10

▶

Bugzilla

CVE-2013-7040 python: hash secret can be recovered remotely [fedora-all]↗2013-12-10

▶

Bugzilla

CVE-2013-4232 libtiff (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()↗2013-08-12

▶

Bugzilla

CVE-2013-4202 openstack-cinder: OpenStack: Cinder Denial of Service using XML entities [fedora-all]↗2013-08-08

▶