CVE-2015-0259
published 2015-04-01CVE-2015-0259: OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows…
medium5.1CVSS 3.1
AVNACHAuNCPIPAP
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nova | < nova 2014.1.3-11 (bookworm) | nova 2014.1.3-11 (bookworm) |
| openstack | nova | — | — |
| openstack | nova | >= 0 < 2014.1.3-11 | 2014.1.3-11 |
| openstack | nova | >= 0 < 2014.1.3-11 | 2014.1.3-11 |
| openstack | nova | >= 0 < 2014.1.3-11 | 2014.1.3-11 |
| openstack | nova | >= 0 < 2014.1.3-11 | 2014.1.3-11 |
| openstack | nova | >= 0 < 2014.1.4 | 2014.1.4 |
| openstack | nova | >= 2014.1 < 2014.1.4 | 2014.1.4 |
| openstack | nova | >= 2014.2 < 2014.2.3 | 2014.2.3 |
| openstack | nova | >= 2014.2.0 < 2014.2.3 | 2014.2.3 |
CVSS provenance
nvd5.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
osv5.1MEDIUM