PT-2014-6023 · Openstack+1 · Neutron+4

Zhi Kun Liu · Published 2014-06-24 · Updated 2017-01-07 · CVE-2014-4615

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenStack PyCADF version 0.5.0 and earlier
Telemetry (Ceilometer) versions 2013.2 before 2013.2.4 and 2014.x before 2014.1.2
Neutron versions 2014.x before 2014.1.2 and Juno before Juno-2
Oslo (affected versions not specified)

Description

The issue allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue, specifically the v2/meters/http.request endpoint.

Recommendations

For OpenStack PyCADF version 0.5.0 and earlier, update to a version later than 0.5.0.
For Telemetry (Ceilometer) versions 2013.2 before 2013.2.4, update to version 2013.2.4 or later.
For Telemetry (Ceilometer) versions 2014.x before 2014.1.2, update to version 2014.1.2 or later.
For Neutron versions 2014.x before 2014.1.2, update to version 2014.1.2 or later.
For Neutron Juno before Juno-2, update to Juno-2 or later.
For Oslo, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2014-4615
RHSA-2014:1050
USN-2311-1
USN-2311-2
USN-2321-1

Affected Products

Neutron
Openstack Pycadf
Oslo
Telemetry
Ubuntu