CVE-2013-4471 is a vulnerability in OpenStack Horizon
Published on May 14, 2014
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Products Associated with CVE-2013-4471
Want to know whenever a new CVE is published for OpenStack Horizon? stack.watch will email you.
Exploit Probability
EPSS
0.18%
Percentile
39.54%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.