{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20130523 [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/4"}, {"name": "oval:org.mitre.oval:def:16937", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/938315"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:37.462Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20130523 [Openstack] [OSSA 2013-013] Keystone client local information disclosure (CVE-2013-2013)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/4"}, {"name": "oval:org.mitre.oval:def:16937", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/938315"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2013", "datePublished": "2013-10-01T20:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:37.462Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD02FF26-7730-412A-8C60-1FB1BF8C851B", "versionEndIncluding": "0.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "499E63B2-46EE-4DDF-9CA2-AE5A897D8AD0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process."}, {"lang": "es", "value": "El comando user-password-update en python-keystoneclient anteriores a 0.2.4 acepta la nueva contrase\u00f1a en el argumento --password, lo que permite a usuarios locales obtener informaci\u00f3n sensible listando el proceso."}], "id": "CVE-2013-2013", "lastModified": "2024-11-21T01:50:51.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-01T20:55:33.623", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/4"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/938315"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/05/23/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/python-keystoneclient/+bug/938315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "keystone: password disclosure on command line", "id": "957033", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=957033"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "status": "draft"}, "details": ["The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process."], "name": "CVE-2013-2013", "package_state": [{"cpe": "cpe:/a:redhat:openstack:2.1", "fix_state": "Affected", "package_name": "openstack-keystone", "product_name": "Red Hat OpenStack Platform 2.1"}, {"cpe": "cpe:/a:redhat:openstack:1", "fix_state": "Will not fix", "package_name": "openstack-keystone", "product_name": "RHOS Essex Release"}], "public_date": "2012-02-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2013\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2013"], "statement": "The Red Hat Security Response Team has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}