OSSA-2013-013: Keystone client local information disclosure

OSSA-2013-013: Keystone client local information disclosure¶

Date:: May 23, 2013
CVE:: CVE-2013-2013

Affects¶

Python-keystoneclient: All versions

Description¶

Jake Dahn from Nebula reported a vulnerability that the keystone client only allows passwords to be updated in a clear text command-line argument, which may enable other local users to obtain sensitive information by listing the process and potentially leaves a record of the password within the shell command history.

Patches¶

https://review.openstack.org/#/c/28702 (Links)

Credits¶

Jake Dahn from Nebula (CVE-2013-2013)

References¶

this page last updated: 2024-10-03 16:29:15

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.