CVE-2015-3646 in OpenStack and Oracle Products
Published on May 12, 2015
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
Products Associated with CVE-2015-3646
stack.watch emails you whenever new vulnerabilities are published in OpenStack Keystone or Oracle Solaris. Just hit a watch button to start following.
Exploit Probability
EPSS
0.15%
Percentile
34.97%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.