Information disclosure in Openstack Neutron
CVE-2014-4615
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to o…
Vulnerability class: Information Disclosure
EPSS: 0.007 (73.5th percentile) — read the EPSS interpretation.
Affected products
- Openstack Neutron — versions 2014.1, 2014.1.1, juno1
- Openstack Oslo
- Openstack Pycadf — versions 0.1, 0.1.1, 0.1.2
- Openstack Telemetry_\(ceilometer\) — versions 2013.2, 2014.1
- Canonical Ubuntu_linux — versions 14.04
- Redhat Openstack — versions 4.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 68149 (vdb-entry, x_refsource_BID)
- [oss-security] 20140625 [OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615) (mailing-list, x_refsource_MLIST)
- 60766 (x_refsource_SECUNIA, third-party-advisory)
- [oss-security] 20140623 CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library (mailing-list, x_refsource_MLIST)
- [oss-security] 20140624 Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library (mailing-list, x_refsource_MLIST)
- USN-2311-1 (x_refsource_UBUNTU, vendor-advisory)
- 60736 (x_refsource_SECUNIA, third-party-advisory)
- RHSA-2014:1050 (x_refsource_REDHAT, vendor-advisory)
- 60643 (x_refsource_SECUNIA, third-party-advisory)