CVE-2014-4615
19.08.2014, 18:55
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | openstack | 4.0 |
| canonical | ubuntu_linux | 14.04 |
| openstack | neutron | 2014.1 |
| openstack | neutron | 2014.1.1 |
| openstack | oslo | - |
| openstack | pycadf | 𝑥 ≤ 0.5.0 |
| openstack | pycadf | 0.1 |
| openstack | pycadf | 0.1.1 |
| openstack | pycadf | 0.1.2 |
| openstack | pycadf | 0.1.3 |
| openstack | pycadf | 0.1.4 |
| openstack | pycadf | 0.1.5 |
| openstack | pycadf | 0.1.6 |
| openstack | pycadf | 0.1.7 |
| openstack | pycadf | 0.1.8 |
| openstack | pycadf | 0.1.9 |
| openstack | pycadf | 0.2 |
| openstack | pycadf | 0.2.1 |
| openstack | pycadf | 0.2.2 |
| openstack | pycadf | 0.3 |
| openstack | pycadf | 0.3.1 |
| openstack | pycadf | 0.4 |
| openstack | pycadf | 0.4.1 |
| openstack | telemetry_\(ceilometer\) | 2013.2 |
| openstack | telemetry_\(ceilometer\) | 2014.1 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ceilometer |
| ||||||||||
| neutron |
| ||||||||||
| python-pycadf |
|
Ubuntu Releases
Common Weakness Enumeration
References