QwikSec

Security Database

CVE

CWE

Training

CVE-2014-4615

Published: Aug 19, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

[oss-security] 20140625 [OSSA 2014-021] User token leak to message queue in pyCADF notifier middleware (CVE-2014-4615)

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20140623 CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library

mailing-list

x_refsource_MLIST

[oss-security] 20140624 Re: CVE request for vulnerability in OpenStack Neutron, Ceilometer and pyCADF library

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.