The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Oslo | Openstack | * | 2013 (including) |
Openstack | Redhat | 3.0 (including) | 3.0 (including) |