CVE-2013-6491
Published: 1 February 2014
The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
nova Launchpad, Ubuntu, Debian |
upstream |
Released
(2013.2.b3)
|
| lucid |
Does not exist
|
|
| precise |
Released
(2012.1.3+stable-20130423-e52e6912-0ubuntu1.4)
|
|
| quantal |
Ignored
(end of life, was pending)
|
|
| saucy |
Not vulnerable
(1:2013.2~rc2-0ubuntu1)
|
|
| trusty |
Does not exist
(trusty was not-affected [1:2014.1~b3-0ubuntu2])
|
|
|
Patches: upstream: https://github.com/openstack/oslo-incubator/commit/ad04e5787a4a651e59636ae7bb28dd9a0b2ee63f (grizzly) |
||
|
cinder Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Released
(2012.2.4-0ubuntu1.1)
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
|
quantum Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
| lucid |
Does not exist
|
|
| precise |
Not vulnerable
|
|
| quantal |
Released
(2012.2.4-0ubuntu1.1)
|
|
| saucy |
Does not exist
|
|
| trusty |
Does not exist
|
|
|
neutron Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
| lucid |
Does not exist
|
|
| precise |
Does not exist
|
|
| quantal |
Does not exist
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
|
keystone Launchpad, Ubuntu, Debian |
upstream |
Not vulnerable
|
| lucid |
Does not exist
|
|
| precise |
Not vulnerable
(code not present)
|
|
| quantal |
Not vulnerable
(code not present)
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected [code not present])
|
|