Описание
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:0.3.2-0ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | ignored | |
| quantal | ignored | |
| raring | ignored | |
| upstream | released | 0.2.4 |
Показывать по
EPSS
2.1 Low
CVSS2
Связанные уязвимости
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
The user-password-update command in python-keystoneclient before 0.2.4 ...
python-keystoneclient unsecure user password update
EPSS
2.1 Low
CVSS2