Information disclosure in OpenStack Keystone
CVE-2015-3646
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by readi…
Vulnerability class: Information Disclosure
EPSS: 0.002 (39.0th percentile)
Affected products
- OpenStack Keystone
- Oracle Solaris — versions 11.2
References
- [openstack-announce] 20150505 [OSSA 2015-008] Potential Keystone cache backend password leak in log (CVE-2015-3646) (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch, Mailing List)
- 74456 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory)