CVE-2015-0259

CWE-3459 documents7 sources

Severity

5.1MEDIUM

EPSS

0.2%

top 57.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Nova

Timeline

PublishedApr 1

Latest updateMay 14

Description

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDopenstack/nova2014.1 — 2014.1.4+2

▶PyPInova2014.2.0 — 2014.2.3+1

▶Debiannova< 2014.1.3-11+3

🔴Vulnerability Details

GHSA

OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity↗2022-05-14

▶

OSV

OpenStack Compute (Nova) has Insufficient Verification of Data Authenticity↗2022-05-14

▶

CVEList

CVE-2015-0259: OpenStack Compute (Nova) before 2014↗2015-04-01

▶

OSV

CVE-2015-0259: OpenStack Compute (Nova) before 2014↗2015-04-01

▶

📋Vendor Advisories

Red Hat

openstack-nova: console Cross-Site WebSocket hijacking↗2015-03-10

▶

Debian

CVE-2015-0259: nova - OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo bef...↗2015

▶

💬Community

Bugzilla

CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking [fedora-all]↗2015-03-11

▶

Bugzilla

CVE-2015-0259 openstack-nova: console Cross-Site WebSocket hijacking↗2015-02-06

▶