Sensitive Information Exposure in OpenStack Identity by OpenStack Foundation
CVE-2015-3646

Currently unrated

Key Information:

Vendor

Openstack
Status
Keystone
Vendor
CVE Published:
12 May 2015

What is CVE-2015-3646?

OpenStack Identity (Keystone) prior to version 2014.1.5 and 2014.2.x prior to 2014.2.4 exhibits a vulnerability where the backend_argument configuration option content is logged. This flaw enables remote authenticated users to gain unauthorized access to sensitive information, including passwords, by reading log files. Organizations leveraging this service should ensure they upgrade to patched versions to mitigate the risk of information exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/74456
vdb-entryx_refsource_BID
https://bugs.launchpad.net/keystone/+bug/1443598
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.