Vulnerability DatabaseCVE-2015-3646
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-3646
Published:May 12, 2015
Updated:May 17, 2026
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Related Resources (7)
http://lists.openstack.org/pipermail/openstack-announce/2015-May/000356.html
https://nvd.nist.gov/vuln/detail/CVE-2015-3646
https://github.com/openstack/keystone
https://bugs.launchpad.net/keystone/+bug/1443598
https://web.archive.org/web/20210122154200/http://www.securityfocus.com/bid/74456
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.securityfocus.com/bid/74456
Do you need more information?
Contact Us
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
CVSS v2
Base Score:
4
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
0.18