6.5 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
78.5%
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).
rhn.redhat.com/errata/RHSA-2014-1050.html
secunia.com/advisories/60643
secunia.com/advisories/60736
secunia.com/advisories/60766
www.openwall.com/lists/oss-security/2014/06/23/8
www.openwall.com/lists/oss-security/2014/06/24/6
www.openwall.com/lists/oss-security/2014/06/25/6
www.securityfocus.com/bid/68149
www.ubuntu.com/usn/USN-2311-1