Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ryy7-2bu5-gbaf
Vulnerability ID VCID-ryy7-2bu5-gbaf
Aliases CVE-2013-4471
Summary Credentials Management The Identity v3 API in OpenStack Dashboard (Horizon) does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-287 Improper Authentication
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2013-4471
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4471.json
https://api.first.org/data/v1/epss?cve=CVE-2013-4471
https://bugs.launchpad.net/horizon/+bug/1237989
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4471
1023586 https://bugzilla.redhat.com/show_bug.cgi?id=1023586
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.39665
EPSS Score 0.00181
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:46:52.967631+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/horizon/CVE-2013-4471.yml 38.0.0