HP Helion Eucalyptus Security Advisory
Advisory ID: 
Severity Level: 
Issue Date: 
Last Updated: 
Affected Products: 
HP Helion Eucalyptus 3.3.0 and earlier


A vulnerability has been identified in HP Helion Eucalyptus 3.3.0 and earlier. Anonymous/unauthenticated user could get access to log files of Cluster Controller (CC) and Node Controller (NC) components. An update is now available that resolves this issue.


A flaw was identified in the implementation of gather log service on both the CC and the NC. An unauthenticated user with remote access to a CC or an NC could retrieve the component’s log files. This could lead to disclosure of information internal to HP Helion Eucalyptus cloud.


HP Helion Eucalyptus version 3.3.1 resolves this issue.

Please see https://www.eucalyptus.com/download/eucalyptus for instructions on downloading and upgrading to the latest HP Helion Eucalyptus software.

Contact and help

Contact the HP Helion Eucalyptus security team at euca-security@hp.com.