[email protected]CVE-2013-2006

HistoryMay 21, 2013 - 6:55 p.m.

CVE-2013-2006

2013-05-2118:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2013-2006

openstack

identity

keystone

grizzly

debug mode logging

plaintext

nvd

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.

CPENameOperatorVersion
openstack:keystoneopenstack keystoneeq2013.1.1

CPE	Name	Operator	Version
openstack:keystone	openstack keystone	eq	2013.1.1

References

lists.fedoraproject.org/pipermail/package-announce/2013-May/105916.html

lists.fedoraproject.org/pipermail/package-announce/2013-May/106220.html

rhn.redhat.com/errata/RHSA-2013-0806.html

www.openwall.com/lists/oss-security/2013/04/24/1

www.openwall.com/lists/oss-security/2013/04/24/2

www.securityfocus.com/bid/59411

bugs.launchpad.net/keystone/+bug/1172195

bugs.launchpad.net/ossn/+bug/1168252

github.com/openstack/keystone/commit/c5037dd6b82909efaaa8720e8cfa8bdb8b4a0edd

5.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2013-2006

cvelist1 redhat1 veracode1 debiancve1 prion1 github1 ubuntucve1 nessus2 fedora3 openvas4