CVE-2014-4615

CWE-200 — Information Exposure CWE-20113 documents8 sources

Severity

5.0MEDIUM

EPSS

0.8%

top 26.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Pycadf Canonical Ubuntu Linux Openstack Neutron +2 more

Timeline

PublishedAug 19

Latest updateMay 17

Description

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

▶NVDopenstack/telemetry_\(ceilometer\)2013.2, 2014.1+1

▶NVDopenstack/pycadf0.5.0+17

▶NVDopenstack/neutron2014.1, 2014.1.1, juno1+2

▶Debianneutron< 2014.1.2-1+3

▶Ubuntuneutron< 1:2014.1.2-0ubuntu1.1

Also affects: Ubuntu Linux 14.04

🔴Vulnerability Details

GHSA

GHSA-9wrh-vfjh-96rg: The notifier middleware in OpenStack PyCADF 0↗2022-05-17

▶

OSV

neutron vulnerabilities↗2014-08-21

▶

OSV

CVE-2014-4615: The notifier middleware in OpenStack PyCADF 0↗2014-08-19

▶

CVEList

CVE-2014-4615: The notifier middleware in OpenStack PyCADF 0↗2014-08-19

▶

📋Vendor Advisories

Ubuntu

OpenStack Neutron vulnerabilities↗2014-08-21

▶

Ubuntu

OpenStack Ceilometer vulnerability↗2014-08-21

▶

Ubuntu

pyCADF vulnerability↗2014-08-11

▶

Red Hat

pycadf: token leak to message queue↗2014-05-20

▶

Debian

CVE-2014-4615: ceilometer - The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilom...↗2014

▶

💬Community

Bugzilla

CVE-2014-4615 pycadf: token leak to message queue↗2014-06-25

▶

Bugzilla

CVE-2014-4615 python-pycadf: pycadf: token leak to message queue [fedora-20]↗2014-06-25

▶

Bugzilla

CVE-2014-4615 openstack-ceilometer: pycadf: token leak to message queue [fedora-all]↗2014-06-25

▶