PT-2015-4548 · Openstack · Openstack Compute

Brian Manifold · Published 2015-04-01 · Updated 2023-02-13 · CVE-2015-0259

CVSS v2.0: 5.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenStack Compute (Nova) versions prior to 2014.1.4
OpenStack Compute (Nova) 2014.2.x versions prior to 2014.2.3
OpenStack Compute (Nova) kilo versions prior to kilo-3

Description

The issue concerns the failure to validate the origin of websocket requests. This allows remote attackers to hijack user authentication for console access through a manipulated webpage.

Recommendations

For OpenStack Compute (Nova) versions prior to 2014.1.4, update to version 2014.1.4 or later.
For OpenStack Compute (Nova) 2014.2.x versions prior to 2014.2.3, update to version 2014.2.3 or later.
For OpenStack Compute (Nova) kilo versions prior to kilo-3, update to version kilo-3 or later.

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

CVE-2015-0259
GHSA-X8XR-RM9R-7MVF
RHSA-2015:0790
RHSA-2015:0843
RHSA-2015:0844
SUSE-RU-2015:1730-1
SUSE-SU-2015:1666-1

Affected Products

Openstack Compute