Information disclosure in Openstack Python-keystoneclient

CVE-2013-2013

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

Vulnerability class: Information Disclosure

EPSS: 0.001 (20.4th percentile) — read the EPSS interpretation.

Affected products

Openstack Python-keystoneclient — versions 0.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

[oss-security] 20130523 [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013) (mailing-list, x_refsource_MLIST, Patch)
oval:org.mitre.oval:def:16937 (x_refsource_OVAL, signature, vdb-entry)
secalert@redhat.com (x_refsource_CONFIRM)