Low severityNVD Advisory· Published Oct 1, 2013· Updated Jun 16, 2026
CVE-2013-2013
CVE-2013-2013
Description
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
python-keystoneclientPyPI | < 0.2.4 | 0.2.4 |
Affected products
3cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*range: <=0.2.3
- cpe:2.3:a:openstack:python-keystoneclient:0.2.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- www.openwall.com/lists/oss-security/2013/05/23/4nvdPatchWEB
- github.com/advisories/GHSA-8q2m-pwxf-jc7gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2013ghsaADVISORY
- bugs.launchpad.net/python-keystoneclient/+bug/938315nvdWEB
- github.com/openstack/python-keystoneclient/commit/f2e0818bc97bfbeba83f6abbb07909a8debcad77ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2013-24.yamlghsaWEB
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937nvdWEB
News mentions
0No linked articles in our index yet.