6.4 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
65.1%
USN-2208-1 fixed vulnerabilities in OpenStack Cinder. This update provides
the corresponding updates for OpenStack Quantum.
Original advisory details:
JuanFra Rodriguez Cardoso discovered that OpenStack Cinder did not enforce
SSL connections when Nova was configured to use QPid and qpid_protocol is
set to ‘ssl’. If a remote attacker were able to perform a machine-in-the-middle
attack, this flaw could be exploited to view sensitive information. Ubuntu
does not use QPid with Nova by default.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 12.10 | noarch | python-quantum | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-common | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-dhcp-agent | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-l3-agent | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-cisco | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-linuxbridge | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-linuxbridge-agent | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-metaplugin | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-nec | < 2012.2.4-0ubuntu1.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | quantum-plugin-nicira | < 2012.2.4-0ubuntu1.1 | UNKNOWN |