The user-password-update command in python-keystoneclient prior to 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack python-keystoneclient |
||
openstack python-keystoneclient 0.2.2 |