CVE-2014-4615 Information

Feb 14, 2021 cve

Description

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2 Neutron 2014.x before 2014.1.2 and Juno before Juno-2 and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Reference

http://rhn.redhat.com/errata/RHSA-2014-1050.html http://secunia.com/advisories/60643 http://secunia.com/advisories/60736 http://secunia.com/advisories/60766 http://www.openwall.com/lists/oss-security/2014/06/23/8 http://www.openwall.com/lists/oss-security/2014/06/24/6 http://www.openwall.com/lists/oss-security/2014/06/25/6 http://www.securityfocus.com/bid/68149 http://www.ubuntu.com/usn/USN-2311-1

Share on: