Vulnerability Details CVE-2014-4615
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://rhn.redhat.com/errata/RHSA-2014-1050.html
- http://secunia.com/advisories/60643
- http://secunia.com/advisories/60736
- http://secunia.com/advisories/60766
- http://www.openwall.com/lists/oss-security/2014/06/23/8
- http://www.openwall.com/lists/oss-security/2014/06/24/6
- http://www.openwall.com/lists/oss-security/2014/06/25/6
- http://www.securityfocus.com/bid/68149
- http://www.ubuntu.com/usn/USN-2311-1
- http://rhn.redhat.com/errata/RHSA-2014-1050.html
- http://secunia.com/advisories/60643
- http://secunia.com/advisories/60736
- http://secunia.com/advisories/60766
- http://www.openwall.com/lists/oss-security/2014/06/23/8
- http://www.openwall.com/lists/oss-security/2014/06/24/6
- http://www.openwall.com/lists/oss-security/2014/06/25/6
- http://www.securityfocus.com/bid/68149
- http://www.ubuntu.com/usn/USN-2311-1
Products affected by CVE-2014-4615
-
cpe:2.3:a:openstack:neutron:2014.1
-
cpe:2.3:a:openstack:neutron:2014.1.1
-
cpe:2.3:a:openstack:neutron:juno1
-
cpe:2.3:a:openstack:oslo:-
-
cpe:2.3:a:openstack:pycadf:0.1
-
cpe:2.3:a:openstack:pycadf:0.1.1
-
cpe:2.3:a:openstack:pycadf:0.1.2
-
cpe:2.3:a:openstack:pycadf:0.1.3
-
cpe:2.3:a:openstack:pycadf:0.1.4
-
cpe:2.3:a:openstack:pycadf:0.1.5
-
cpe:2.3:a:openstack:pycadf:0.1.6
-
cpe:2.3:a:openstack:pycadf:0.1.7
-
cpe:2.3:a:openstack:pycadf:0.1.8
-
cpe:2.3:a:openstack:pycadf:0.1.9
-
cpe:2.3:a:openstack:pycadf:0.2
-
cpe:2.3:a:openstack:pycadf:0.2.1
-
cpe:2.3:a:openstack:pycadf:0.2.2
-
cpe:2.3:a:openstack:pycadf:0.3
-
cpe:2.3:a:openstack:pycadf:0.3.1
-
cpe:2.3:a:openstack:pycadf:0.4
-
cpe:2.3:a:openstack:pycadf:0.4.1
-
cpe:2.3:a:openstack:pycadf:0.5.0
-
cpe:2.3:a:openstack:telemetry_(ceilometer):2013.2
-
cpe:2.3:a:openstack:telemetry_(ceilometer):2014.1
-
cpe:2.3:a:redhat:openstack:4.0
-
cpe:2.3:o:canonical:ubuntu_linux:14.04