—

PYSEC-2013-24

Details

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / python-keystoneclient

Introduced in: 0 Fixed in: 0.2.4

Fix pip install --upgrade 'python-keystoneclient>=0.2.4'

References

http://www.openwall.com/lists/oss-security/2013/05/23/4 [WEB]
https://bugs.launchpad.net/python-keystoneclient/+bug/938315 [WEB]
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16937 [WEB]