Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-ryy7-2bu5-gbaf
Summary
Credentials Management
The Identity v3 API in OpenStack Dashboard (Horizon) does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Aliases
0
alias CVE-2013-4471
Fixed_packages
0
url pkg:deb/debian/horizon@2013.2-1?distro=trixie
purl pkg:deb/debian/horizon@2013.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2013.2-1%3Fdistro=trixie
1
url pkg:deb/debian/horizon@2014.1.3-7
purl pkg:deb/debian/horizon@2014.1.3-7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9qpr-314b-xudu
1
vulnerability VCID-bd6x-wp7d-8fdj
2
vulnerability VCID-bz2p-kcg8-nuc6
3
vulnerability VCID-jg5v-wx6x-g3ah
4
vulnerability VCID-t697-h44p-k3hq
5
vulnerability VCID-xpdp-h35e-m3cz
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2014.1.3-7
2
url pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/horizon@3:18.6.2-5%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmd3-n97r-d7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:18.6.2-5%252Bdeb11u2%3Fdistro=trixie
3
url pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/horizon@3:23.0.0-5%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:23.0.0-5%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie
purl pkg:deb/debian/horizon@3:25.3.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.3.0-3%3Fdistro=trixie
5
url pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie
purl pkg:deb/debian/horizon@3:25.7.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.1-1%3Fdistro=trixie
6
url pkg:deb/debian/horizon@3:25.7.2-1?distro=trixie
purl pkg:deb/debian/horizon@3:25.7.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-nmd3-n97r-d7d1
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.2-1%3Fdistro=trixie
7
url pkg:deb/debian/horizon@3:25.7.3-1?distro=trixie
purl pkg:deb/debian/horizon@3:25.7.3-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@3:25.7.3-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/horizon@2012.1.1-10
purl pkg:deb/debian/horizon@2012.1.1-10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7zwb-k8zj-r3az
1
vulnerability VCID-9qpr-314b-xudu
2
vulnerability VCID-bd6x-wp7d-8fdj
3
vulnerability VCID-bz2p-kcg8-nuc6
4
vulnerability VCID-dsg5-s5y9-nbe3
5
vulnerability VCID-e8ck-eteq-7kb3
6
vulnerability VCID-jg5v-wx6x-g3ah
7
vulnerability VCID-kvy8-9dgv-nuc1
8
vulnerability VCID-n2fx-xctw-r7fr
9
vulnerability VCID-rc85-fmv7-6fh8
10
vulnerability VCID-ryy7-2bu5-gbaf
11
vulnerability VCID-t697-h44p-k3hq
12
vulnerability VCID-tngh-mgyc-xka4
13
vulnerability VCID-xpdp-h35e-m3cz
14
vulnerability VCID-zxjy-82n2-mkdb
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/horizon@2012.1.1-10
1
url pkg:pypi/horizon@2013.1.4
purl pkg:pypi/horizon@2013.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ryy7-2bu5-gbaf
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/horizon@2013.1.4
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4471.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4471.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-4471
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39665
published_at 2026-04-01T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39813
published_at 2026-04-02T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39836
published_at 2026-04-04T12:55:00Z
3
value 0.00181
scoring_system epss
scoring_elements 0.39757
published_at 2026-04-07T12:55:00Z
4
value 0.00181
scoring_system epss
scoring_elements 0.39812
published_at 2026-04-08T12:55:00Z
5
value 0.00181
scoring_system epss
scoring_elements 0.39826
published_at 2026-04-09T12:55:00Z
6
value 0.00181
scoring_system epss
scoring_elements 0.39835
published_at 2026-04-11T12:55:00Z
7
value 0.00181
scoring_system epss
scoring_elements 0.39799
published_at 2026-04-12T12:55:00Z
8
value 0.00181
scoring_system epss
scoring_elements 0.39783
published_at 2026-04-13T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39833
published_at 2026-04-16T12:55:00Z
10
value 0.00181
scoring_system epss
scoring_elements 0.39805
published_at 2026-04-18T12:55:00Z
11
value 0.00181
scoring_system epss
scoring_elements 0.39722
published_at 2026-04-21T12:55:00Z
12
value 0.00181
scoring_system epss
scoring_elements 0.39542
published_at 2026-04-24T12:55:00Z
13
value 0.00181
scoring_system epss
scoring_elements 0.39531
published_at 2026-04-26T12:55:00Z
14
value 0.00181
scoring_system epss
scoring_elements 0.39448
published_at 2026-04-29T12:55:00Z
15
value 0.00181
scoring_system epss
scoring_elements 0.39321
published_at 2026-05-05T12:55:00Z
16
value 0.00181
scoring_system epss
scoring_elements 0.39387
published_at 2026-05-07T12:55:00Z
17
value 0.00181
scoring_system epss
scoring_elements 0.39403
published_at 2026-05-09T12:55:00Z
18
value 0.00181
scoring_system epss
scoring_elements 0.39316
published_at 2026-05-11T12:55:00Z
19
value 0.00181
scoring_system epss
scoring_elements 0.3934
published_at 2026-05-12T12:55:00Z
20
value 0.00181
scoring_system epss
scoring_elements 0.3941
published_at 2026-05-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-4471
2
reference_url https://bugs.launchpad.net/horizon/+bug/1237989
reference_id
reference_type
scores
url https://bugs.launchpad.net/horizon/+bug/1237989
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4471
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4471
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4471
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1023586
reference_id 1023586
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1023586
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 287
name Improper Authentication
description When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitability0.5
Weighted_severity0.0
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-ryy7-2bu5-gbaf