WebSocket Authentication Hijacking in OpenStack Nova
CVE-2015-0259

Currently unrated

Key Information:

Vendor

Openstack
Status
Nova
Vendor
CVE Published:
1 April 2015

What is CVE-2015-0259?

OpenStack Compute (Nova) versions prior to 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 lack proper validation for the origin of WebSocket requests. This flaw allows remote attackers to potentially hijack user authentication to gain unauthorized access to console sessions by leveraging specially crafted web pages. Administrators should ensure they update to the latest versions to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.openstack.org/pipermail/openstack-announce/2...
mailing-listx_refsource_MLIST
http://rhn.redhat.com/errata/RHSA-2015-0844.html
vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-0790.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.