Lucene search
Ubuntu.comUB:CVE-2013-4471HistoryMay 14, 2014 - 12:00 a.m.
CVE-2013-4471
2014-05-1400:00:00
ubuntu.com
ubuntu.com
11
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS
0.001
Percentile
48.1%
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not
require the current password when changing passwords for user accounts,
which makes it easier for remote attackers to change a user password by
leveraging the authentication token for that user.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | v3 api introduced in grizzly (Ubuntu 13.04) upstream is not issuing a patch for grizzly (13.04) but instead providing only an OSSN (not issued yet) to for people to change the configuration defaults in keystone horizon on Ubuntu 13.04 explictly uses the keystoneclient v2 API and is therefore not affected |
Related
nvd
nvd
CVE-2013-4471
2014-05-14 19:55:10
prion
prion
Design/Logic Flaw
2014-05-14 19:55:00
cvelist
cvelist
CVE-2013-4471
2014-05-14 19:00:00
debiancve
debiancve
CVE-2013-4471
2014-05-14 19:55:10
cve
cve
CVE-2013-4471
2014-05-14 19:55:10
CVSS2
5.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
EPSS
0.001
Percentile
48.1%
Related for UB:CVE-2013-4471