Launchpad CVE tracker

CVE 2015-3646

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

Related bugs and status

CVE-2015-3646 (Candidate) is related to these bugs:

Bug #1469149: [CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs

		In	Importance	Status
1469149	[CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs	Mirantis OpenStack	High	Fix Released
1469149	[CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs	Mirantis OpenStack 6.1.x	High	Fix Released
1469149	[CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs	Mirantis OpenStack 7.0.x	High	Fix Released
1469149	[CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs	Mirantis OpenStack 5.1.x	High	Fix Released
1469149	[CVE-2015-3646][OSSA 2015-008] backend_argument containing a password leaked in logs	Mirantis OpenStack 6.0.x	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-3646

References