WebSocket Authentication Hijacking in OpenStack Nova
CVE-2015-0259

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
1 April 2015

Summary

OpenStack Compute (Nova) versions prior to 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 lack proper validation for the origin of WebSocket requests. This flaw allows remote attackers to potentially hijack user authentication to gain unauthorized access to console sessions by leveraging specially crafted web pages. Administrators should ensure they update to the latest versions to mitigate the risk associated with this vulnerability.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.