CVE request for vulnerability in OpenStack Keystone

[Tristan Cacqueray <tristan.cacqueray () enovance com>]

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public, although
an advisory was not sent yet.

Title: Potential Keystone cache backend password leak in log
Reporter: Eric Brown (VMware)
Products: Keystone
Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3

Description:
Eric Brown from VMware reported a vulnerability in Keystone. The
backend_argument configuration option content is being logged, and it
may contain sensitive information for specific backends (like a password
for MongoDB). An attacker with read access to Keystone logs may
therefore obtain sensitive data about certain backends. All Keystone
setups are potentially impacted.

References:
https://launchpad.net/bugs/1443598

Thanks in advance,

--
Tristan Cacqueray
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: OpenPGP digital signature