Lucene search
HistoryMay 12, 2015 - 7:59 p.m.
CVE-2015-3646
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.001
Percentile
43.7%
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Affected configurations
Node
openstackkeystoneRange2014.1–2014.1.5
ORopenstackkeystoneRange2014.2.0–2014.2.4
Node
oraclesolarisMatch11.2
Related
debiancve
debiancve
CVE-2015-3646
2015-05-12 19:59:26
ubuntucve
ubuntucve
CVE-2015-3646
2015-05-12 00:00:00
prion
prion
Default configuration
2015-05-12 19:59:00
osv
osv
OpenStack Keystone Logs Passwords
2022-05-13 01:26:10
github
github
OpenStack Keystone Logs Passwords
2022-05-13 01:26:10
cve
cve
CVE-2015-3646
2015-05-12 19:59:26
cvelist
cvelist
CVE-2015-3646
2015-05-12 19:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.8
Confidence
Low
EPSS
0.001
Percentile
43.7%
Related for NVD:CVE-2015-3646