CVE-2013-6491

CVE-2013-6491 affects the OpenStack Oslo stack (OpenStack Nova) using the python-qpid client; specifically, the common/rpc/impl_qpid.py path does not enforce SSL when qpid_protocol is set to ssl, allowing remote attackers to sniff network traffic and obtain sensitive information. The root cause i...

CVE-2014-4615

CVE-2014-4615 affects OpenStack components including PyCADF (0.5.0 and earlier), Ceilometer 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo. The issue allows remote authenticated users to read a message queue (v2/meters/http.reque...