CVE-2014-4615

The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).

Published: Aug 19, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-4615
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
redhat / openstack	4.0	4.0.x
canonical / ubuntu_linux	14.04	14.04.x
openstack / neutron	2014.1	2014.1.x
openstack / pycadf	0.1.4	0.1.4.x
openstack / pycadf	0.1.7	0.1.7.x
openstack / pycadf	0.4	0.4.x
openstack / neutron	2014.1.1	2014.1.1.x
openstack / pycadf	0.1.1	0.1.1.x
openstack / pycadf	0.1.8	0.1.8.x
openstack / telemetry_(ceilometer)	2013.2	2013.2.x
openstack / pycadf	0.1.5	0.1.5.x
openstack / pycadf	0.1.9	0.1.9.x
openstack / pycadf	-	0.5.0.x
openstack / pycadf	0.2.1	0.2.1.x
openstack / pycadf	0.3	0.3.x
openstack / telemetry_(ceilometer)	2014.1	2014.1.x
openstack / pycadf	0.2	0.2.x
openstack / pycadf	0.1.6	0.1.6.x
openstack / pycadf	0.2.2	0.2.2.x
openstack / pycadf	0.4.1	0.4.1.x
openstack / pycadf	0.1	0.1.x
openstack / pycadf	0.1.3	0.1.3.x
openstack / pycadf	0.3.1	0.3.1.x
openstack / pycadf	0.1.2	0.1.2.x
openstack / neutron	juno1	juno1.x

Vulnerability Database

313,552

CVE-2014-4615

Deep Security Visibility Without the Complexity