UbuntuUSN-2311-2OpenStack Ceilometer vulnerability
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.1%
Releases
- Ubuntu 14.04 ESM
Packages
- ceilometer - OpenStack Telemetry service
Details
USN-2311-1 fixed vulnerabilities in pyCADF. This update provides the
corresponding updates for OpenStack Ceilometer.
Original advisory details:
Zhi Kun Liu discovered that pyCADF incorrectly filtered certain tokens.
An attacker could possibly use this issue to obtain authentication tokens
used in REST requests.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.04 | noarch | ceilometer-common | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-agent-central | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-agent-compute | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-agent-notification | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-alarm-evaluator | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-alarm-notifier | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-api | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | ceilometer-collector | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | python-ceilometer | < 2014.1.2-0ubuntu1.1 | UNKNOWN |
References
Related
6.7 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.006 Low
EPSS
Percentile
79.1%