VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 19, 2014· Updated May 6, 2026

CVE-2014-4615

CVE-2014-4615

Description

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Affected products

26
  • Red Hat/Openstack
    cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
  • Canonical (company)/Ubuntu Linux
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • OpenStack/Neutron3 versions
    cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:neutron:2014.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:neutron:2014.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:neutron:juno1:*:*:*:*:*:*:*
  • OpenStack/Oslo
    cpe:2.3:a:openstack:oslo:-:*:*:*:*:*:*:*
  • OpenStack/Pycadf18 versions
    cpe:2.3:a:openstack:pycadf:*:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:openstack:pycadf:*:*:*:*:*:*:*:*range: <=0.5.0
    • cpe:2.3:a:openstack:pycadf:0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:pycadf:0.4.1:*:*:*:*:*:*:*
  • OpenStack/Telemetry \(ceilometer\)2 versions
    cpe:2.3:a:openstack:telemetry_\(ceilometer\):2013.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openstack:telemetry_\(ceilometer\):2013.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:telemetry_\(ceilometer\):2014.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.