CVE-2015-3646

Published: May 12, 2015Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

Affected (3)

Products: Openstack: Keystone · Oracle: Solaris

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Keystone	From 2014.1 to 2014.1.5
Openstack Keystone	From 2014.2.0 to 2014.2.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/74456

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/keystone/+bug/1443598

Source: cve@mitre.org

Third Party Advisory

http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.securityfocus.com/bid/74456

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://bugs.launchpad.net/keystone/+bug/1443598

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.