First published: Tue May 12 2015(Updated: )
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
OpenStack Keystone | >=2014.1<2014.1.5 | |
OpenStack Keystone | >=2014.2.0<2014.2.4 | |
Oracle Solaris | =11.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.