5

CVE-2014-4615

EPSS 0.75%
Published 19.08.2014 18:55:02
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openstack Version4.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Openstack ≫ Neutron Version2014.1

Openstack ≫ Neutron Version2014.1.1

Openstack ≫ Neutron Versionjuno1

Openstack ≫ Oslo Version-

Openstack ≫ Pycadf Version <= 0.5.0

Openstack ≫ Pycadf Version0.1

Openstack ≫ Pycadf Version0.1.1

Openstack ≫ Pycadf Version0.1.2

Openstack ≫ Pycadf Version0.1.3

Openstack ≫ Pycadf Version0.1.4

Openstack ≫ Pycadf Version0.1.5

Openstack ≫ Pycadf Version0.1.6

Openstack ≫ Pycadf Version0.1.7

Openstack ≫ Pycadf Version0.1.8

Openstack ≫ Pycadf Version0.1.9

Openstack ≫ Pycadf Version0.2

Openstack ≫ Pycadf Version0.2.1

Openstack ≫ Pycadf Version0.2.2

Openstack ≫ Pycadf Version0.3

Openstack ≫ Pycadf Version0.3.1

Openstack ≫ Pycadf Version0.4

Openstack ≫ Pycadf Version0.4.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.75%	0.708

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/60766

http://rhn.redhat.com/errata/RHSA-2014-1050.html

http://secunia.com/advisories/60643

http://secunia.com/advisories/60736

http://www.openwall.com/lists/oss-security/2014/06/23/8

http://www.openwall.com/lists/oss-security/2014/06/24/6

http://www.openwall.com/lists/oss-security/2014/06/25/6

http://www.securityfocus.com/bid/68149

http://www.ubuntu.com/usn/USN-2311-1

https://nvd.nist.gov/vuln/detail/CVE-2014-4615

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-4615

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-4615

EUVD