Launchpad CVE tracker

CVE 2013-2013

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

Related bugs and status

CVE-2013-2013 (Candidate) is related to these bugs:

Bug #938315: [OSSA-2013-013] Updating password via keystoneclient CLI should be done securely (CVE-2013-2013)

Summary				In	Importance	Status
	938315	[OSSA-2013-013] Updating password via keystoneclient CLI should be done securely (CVE-2013-2013)		python-keystoneclient	High	Fix Released
	938315	[OSSA-2013-013] Updating password via keystoneclient CLI should be done securely (CVE-2013-2013)		OpenStack Security Advisory	Low	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2013

References