PYSEC-2026-655

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-655.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-655
Aliases
Published
2026-07-02T14:13:23.853843Z
Modified
2026-07-06T08:00:47.578744530Z
Summary
OpenStack Keystone Logs Passwords
Details

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2011.3
Fixed
2014.1.5
Introduced
2014.2
Fixed
2014.2.4

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-655.yaml"