View at Official ubuntu advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-4615 medium priority: Ubuntu including 3 source packages (ceilometer, neutron, python-pycadf), 15 status rows across 5 suites (lucid, precise, saucy, trusty, upstream): DNE 7, released 5, ignored 1, needed 1, not-affected 1.
The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, Telemetry (Ceilometer) 2013.2 before 2013.2.4 and 2014.x before 2014.1.2, Neutron 2014.x before 2014.1.2 and Juno before Juno-2, and Oslo allows remote authenticated users to obtain X_AUTH_TOKEN values by reading the message queue (v2/meters/http.request).