Moderate severityNVD Advisory· Published May 12, 2015· Updated Jun 17, 2026
CVE-2015-3646
CVE-2015-3646
Description
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonePyPI | >= 2011.3, < 2014.1.5 | 2014.1.5 |
keystonePyPI | >= 2014.2, < 2014.2.4 | 2014.2.4 |
Affected products
9- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- ghsa-coords7 versionspkg:pypi/keystonepkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-swift&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-swift-doc&distro=SUSE%20OpenStack%20Cloud%205
>= 2011.3, < 2014.1.5+ 6 more
- (no CPE)range: >= 2011.3, < 2014.1.5
- (no CPE)range: < 2014.2.4.juno-17.1
- (no CPE)range: < 2014.2.4.juno-17.2
- (no CPE)range: < 2014.2.4.juno-29.1
- (no CPE)range: < 2014.2.4.juno-29.1
- (no CPE)range: < 2.1.0-14.1
- (no CPE)range: < 2.1.0-14.1
Patches
Vulnerability mechanics
References
7- lists.openstack.org/pipermail/openstack-announce/2015-May/000356.htmlnvdMailing ListPatchVendor AdvisoryWEB
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvdThird Party AdvisoryWEB
- www.securityfocus.com/bid/74456nvdThird Party AdvisoryVDB Entry
- bugs.launchpad.net/keystone/+bug/1443598nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-jwpw-ppj5-7h4wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-3646ghsaADVISORY
- web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456ghsaWEB
News mentions
0No linked articles in our index yet.