WebSocket Authentication Hijacking in OpenStack Nova
CVE-2015-0259
Currently unrated
Summary
OpenStack Compute (Nova) versions prior to 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 lack proper validation for the origin of WebSocket requests. This flaw allows remote attackers to potentially hijack user authentication to gain unauthorized access to console sessions by leveraging specially crafted web pages. Administrators should ensure they update to the latest versions to mitigate the risk associated with this vulnerability.
References
Timeline
Vulnerability published
Vulnerability Reserved