CVE-2013-6491 — Oslo vulnerability

CWE-31011 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova Openstack Oslo Redhat Openstack

Timeline

PublishedFeb 2

Latest updateMay 17

Description

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/oslo2013

▶Debianopenstack/nova< 2013.2.3-1+3

▶NVDredhat/openstack3.0

🔴Vulnerability Details

GHSA

GHSA-36gw-3xf6-9pvq: The python-qpid client (common/rpc/impl_qpid↗2022-05-17

▶

OSV

CVE-2013-6491: The python-qpid client (common/rpc/impl_qpid↗2014-02-02

▶

CVEList

CVE-2013-6491: The python-qpid client (common/rpc/impl_qpid↗2014-02-02

▶

📋Vendor Advisories

Ubuntu

OpenStack Nova vulnerabilities↗2014-06-17

▶

Ubuntu

OpenStack Quantum vulnerability↗2014-05-06

▶

Ubuntu

OpenStack Cinder vulnerability↗2014-05-06

▶

Red Hat

nova: qpid SSL configuration↗2013-03-22

▶

Debian

CVE-2013-6491: nova - The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2...↗2013

▶

💬Community

Bugzilla

CVE-2013-6491 Openstack nova: qpid SSL configuration↗2014-01-30

▶

Bugzilla

CVE-2013-6491: Setting Qpid SSL protocol sets wrong variable [openstack-3]↗2013-08-13

▶