CVE-2014-4615

Publication date 24 June 2014

Last updated 24 July 2024

Ubuntu priority

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ceilometer	14.04 LTS trusty	Fixed 2014.1.2-0ubuntu1
	13.10 saucy	Ignored end of life
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
neutron	14.04 LTS trusty	Fixed 1:2014.1.2-0ubuntu1
	13.10 saucy	Not affected
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release
python-pycadf	14.04 LTS trusty	Fixed 0.4.1-0ubuntu1.1
	13.10 saucy	Not in release
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
ceilometer	Upstream: ?id=2b6 Upstream: ?id=264
neutron	Upstream: ?id=032
python-pycadf	Upstream: ?id=966

References

Related Ubuntu Security Notices (USN)

USN-2311-1
pyCADF vulnerability
11 August 2014

USN-2311-2
OpenStack Ceilometer vulnerability
21 August 2014

USN-2321-1
OpenStack Neutron vulnerabilities
21 August 2014

CVE-2014-4615

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references