OSSA-2013-013: Keystone client local information disclosure¶
May 23, 2013
Python-keystoneclient: All versions
Jake Dahn from Nebula reported a vulnerability that the keystone client only allows passwords to be updated in a clear text command-line argument, which may enable other local users to obtain sensitive information by listing the process and potentially leaves a record of the password within the shell command history.
Jake Dahn from Nebula (CVE-2013-2013)