Launchpad CVE tracker

CVE 2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.

Related bugs and status

CVE-2013-1977 (Candidate) is related to these bugs:

Bug #1168252: keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)

		In	Importance	Status
1168252	keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)	devstack	High	Fix Released
1168252	keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)	Gentoo Linux	Low	Fix Released
1168252	keystone.conf should not be world-readable (to keep LDAP password and admin_token secret)	OpenStack Security Notes	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-1977

References