CVE-2013-6491: The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which…

medium4.3CVSS 3.1

AVNACMAuNCPINAN

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

Affected

8 ranges

Vendor	Product	Version range	Fixed in
debian	nova	< nova 2013.2.3-1 (bookworm)	nova 2013.2.3-1 (bookworm)
openstack	nova	>= 0 < 2013.2.3-1	2013.2.3-1
openstack	nova	>= 0 < 2013.2.3-1	2013.2.3-1
openstack	nova	>= 0 < 2013.2.3-1	2013.2.3-1
openstack	nova	>= 0 < 2013.2.3-1	2013.2.3-1
openstack	nova	>= 0 < 1:2014.1-0ubuntu1.2	1:2014.1-0ubuntu1.2
openstack	oslo	<= 2013	—
redhat	openstack	—	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N

osv5.0MEDIUM