Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4471HistoryMay 14, 2014 - 7:55 p.m.
CVE-2013-4471
2014-05-1419:55:10
Debian Security Bug Tracker
security-tracker.debian.org
6
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.2%
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | horizon | < 2013.2-1 | horizon_2013.2-1_all.deb |
| Debian | 11 | all | horizon | < 2013.2-1 | horizon_2013.2-1_all.deb |
| Debian | 999 | all | horizon | < 2013.2-1 | horizon_2013.2-1_all.deb |
| Debian | 13 | all | horizon | < 2013.2-1 | horizon_2013.2-1_all.deb |
Related
prion
prion
Design/Logic Flaw
2014-05-14 19:55:00
cve
cve
CVE-2013-4471
2014-05-14 19:55:10
ubuntucve
ubuntucve
CVE-2013-4471
2014-05-14 00:00:00
nvd
nvd
CVE-2013-4471
2014-05-14 19:55:10
cvelist
cvelist
CVE-2013-4471
2014-05-14 19:00:00
5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
0.001 Low
EPSS
Percentile
48.2%
Related for DEBIANCVE:CVE-2013-4471