CVE-2014-4615
published 2014-08-19CVE-2014-4615: The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before…
medium5CVSS 3.1
AVNACLAuNCPINAN
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | ceilometer | < ceilometer 2014.1.2-1 (bookworm) | ceilometer 2014.1.2-1 (bookworm) |
| debian | neutron | < ceilometer 2014.1.2-1 (bookworm) | ceilometer 2014.1.2-1 (bookworm) |
| debian | python-pycadf | < ceilometer 2014.1.2-1 (bookworm) | ceilometer 2014.1.2-1 (bookworm) |
| openstack | ceilometer | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | ceilometer | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | ceilometer | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | ceilometer | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | — | — |
| openstack | neutron | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | neutron | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | neutron | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | neutron | >= 0 < 2014.1.2-1 | 2014.1.2-1 |
| openstack | neutron | >= 0 < 1:2014.1.2-0ubuntu1.1 | 1:2014.1.2-0ubuntu1.1 |
| openstack | pycadf | <= 0.5.0 | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
| openstack | pycadf | — | — |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.0MEDIUM