PT-2015-4548 · Openstack · Openstack Compute
Brian Manifold · Published 2015-04-01 · Updated 2023-02-13 · CVE-2015-0259
CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
OpenStack Compute (Nova) versions prior to 2014.1.4
OpenStack Compute (Nova) 2014.2.x versions prior to 2014.2.3
OpenStack Compute (Nova) kilo versions prior to kilo-3
Description
The issue is a failure to validate the origin of websocket requests. This allows remote attackers to hijack user authentication for console access through a crafted web page.
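The missing check, sketched as an added example (not Nova's code and not part of the original advisory): a websocket proxy compares the browser-supplied Origin header with its own Host header before accepting the upgrade. The function names, the lowercase-keyed header dict, the `allowed_origins` parameter and the `.example` hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def _host_only(authority):
    """Lowercase hostname from a Host header value, without the port."""
    # The "//" prefix makes urlsplit treat the value as a network location.
    return (urlsplit("//" + authority).hostname or "").lower()


def origin_allowed(headers, allowed_origins=()):
    """Return True if a websocket upgrade request may proceed.

    headers: request headers as a dict with lowercase keys (assumed shape).
    allowed_origins: extra hostnames trusted besides the proxy's own Host,
    for example a dashboard served from a different host (assumption).
    """
    origin = headers.get("origin")
    if origin is None:
        # Policy choice in this sketch: non-browser clients send no Origin.
        # Browsers always send it on websocket handshakes, so a cross-site
        # page cannot reach this branch.
        return True
    try:
        parts = urlsplit(origin)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False  # "null", empty or malformed Origin
        trusted = {_host_only(headers.get("host", ""))}
    except ValueError:
        return False  # unparsable authority, e.g. unbalanced IPv6 brackets
    trusted.update(h.lower() for h in allowed_origins)
    trusted.discard("")
    # Exact hostname match only. Ports are not compared because a console
    # proxy usually listens on a different port than the page embedding it.
    return parts.hostname.lower() in trusted


# Constructed sample handshakes, not captured traffic.
SAME_SITE = {"host": "console.cloud.example:6080",
             "origin": "https://console.cloud.example"}
CROSS_SITE = {"host": "console.cloud.example:6080",
              "origin": "https://attacker.example"}

if __name__ == "__main__":
    print("same-site :", origin_allowed(SAME_SITE))
    print("cross-site:", origin_allowed(CROSS_SITE))
```

A rejected handshake should be refused before any console token is honoured, and logging the rejected Origin value gives defenders a signal that a cross-site page attempted a connection.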
Recommendations
For OpenStack Compute (Nova) versions prior to 2014.1.4, update to version 2014.1.4 or later.
For OpenStack Compute (Nova) 2014.2.x versions prior to 2014.2.3, update to version 2014.2.3 or later.
For OpenStack Compute (Nova) kilo versions prior to kilo-3, update to version kilo-3 or later.
Fix
Insufficient Verification of Data Authenticity
Weakness Enumeration
Related identifiers
Affected products
Openstack Compute