CVE-2013-4471: Credentials Management

May 14, 2014 (updated May 15, 2014)

The Identity v3 API in OpenStack Dashboard (Horizon) does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.

References

bugs.launchpad.net/horizon/+bug/1237989
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471

Code Behaviors & Features

Detect and mitigate CVE-2013-4471 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →