CVE-2013-6491

Name of the Vulnerable Software and Affected Versions OpenStack Oslo versions prior to 2013.2

Description The issue concerns the python-qpid client in OpenStack Oslo, where SSL connections are not enforced when the qpid protocol is set to ssl. This allows remote attackers to obtain sensitive information by sniffing the network.

Recommendations For versions prior to 2013.2, update to version 2013.2 or later to resolve the issue. As a temporary workaround, consider configuring the qpid protocol to use a secure connection method. Restrict access to sensitive information until the update is applied.