CVE-2014-4615: Infoleak
First published: Tue Aug 19 2014(Updated: )
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat OpenStack for IBM Power | =4.0 | |
| Ubuntu | =14.04 | |
| OpenStack Neutron | =2014.1 | |
| OpenStack Neutron | =2014.1.1 | |
| OpenStack Neutron | =juno1 | |
| OpenStack Oslo | ||
| OpenStack PyCADF | <=0.5.0 | |
| OpenStack PyCADF | =0.1 | |
| OpenStack PyCADF | =0.1.1 | |
| OpenStack PyCADF | =0.1.2 | |
| OpenStack PyCADF | =0.1.3 | |
| OpenStack PyCADF | =0.1.4 | |
| OpenStack PyCADF | =0.1.5 | |
| OpenStack PyCADF | =0.1.6 | |
| OpenStack PyCADF | =0.1.7 | |
| OpenStack PyCADF | =0.1.8 | |
| OpenStack PyCADF | =0.1.9 | |
| OpenStack PyCADF | =0.2 | |
| OpenStack PyCADF | =0.2.1 | |
| OpenStack PyCADF | =0.2.2 | |
| OpenStack PyCADF | =0.3 | |
| OpenStack PyCADF | =0.3.1 | |
| OpenStack PyCADF | =0.4 | |
| OpenStack PyCADF | =0.4.1 | |
| OpenStack Telemetry (Ceilometer) | =2013.2 | |
| OpenStack Telemetry (Ceilometer) | =2014.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2014-1050.html
- http://secunia.com/advisories/60643
- http://secunia.com/advisories/60736
- http://secunia.com/advisories/60766
- http://www.openwall.com/lists/oss-security/2014/06/23/8
- http://www.openwall.com/lists/oss-security/2014/06/24/6
- http://www.openwall.com/lists/oss-security/2014/06/25/6
- http://www.securityfocus.com/bid/68149
- http://www.ubuntu.com/usn/USN-2311-1
Frequently Asked Questions
What is the severity of CVE-2014-4615?
CVE-2014-4615 is classified as a high severity vulnerability due to the risk of unauthorized access to X_AUTH_TOKEN values.
How do I fix CVE-2014-4615?
To mitigate CVE-2014-4615, upgrade OpenStack PyCADF to version 0.6.0 or later, OpenStack Telemetry to version 2013.2.4 or later, Neutron to version 2014.1.2 or later, and ensure that you are running the latest builds of relevant components.
Who is affected by CVE-2014-4615?
CVE-2014-4615 affects users of OpenStack PyCADF versions 0.5.0 and earlier, as well as certain versions of Telemetry (Ceilometer), Neutron, and Oslo middleware.
What is the impact of CVE-2014-4615?
The impact of CVE-2014-4615 includes the potential for remote authenticated users to intercept and gain access to sensitive X_AUTH_TOKEN values.
When was CVE-2014-4615 disclosed?
CVE-2014-4615 was disclosed in 2014, primarily affecting OpenStack components prior to specified patched versions.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/author
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat openstack for ibm power
- version/red hat openstack for ibm power/4.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- vendor/openstack
- canonical/openstack neutron
- version/openstack neutron/2014.1
- version/openstack neutron/2014.1.1
- version/openstack neutron/juno1
- canonical/openstack oslo
- canonical/openstack pycadf
- version/openstack pycadf/0.5.0
- version/openstack pycadf/0.1
- version/openstack pycadf/0.1.1
- version/openstack pycadf/0.1.2
- version/openstack pycadf/0.1.3
- version/openstack pycadf/0.1.4
- version/openstack pycadf/0.1.5
- version/openstack pycadf/0.1.6
- version/openstack pycadf/0.1.7
- version/openstack pycadf/0.1.8
- version/openstack pycadf/0.1.9
- version/openstack pycadf/0.2
- version/openstack pycadf/0.2.1
- version/openstack pycadf/0.2.2
- version/openstack pycadf/0.3
- version/openstack pycadf/0.3.1
- version/openstack pycadf/0.4
- version/openstack pycadf/0.4.1
- canonical/openstack telemetry (ceilometer)
- version/openstack telemetry (ceilometer)/2013.2
- version/openstack telemetry (ceilometer)/2014.1