CVE-2013-1977
OpenStack Devstack - Information Disclosure via World-Readable Keystone Configuration
Title source: llmDescription
OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file.
References (3)
Core 3
Core References
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/devstack/+bug/1168252
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/23/7
Exploit mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/04/19/2
Scores
EPSS
0.0011
EPSS Percentile
29.6%
Details
CWE
CWE-264
Status
published
Products (1)
openstack/devstack
Published
May 21, 2013
Tracked Since
Feb 18, 2026