CVE-2015-0259

OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0790.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0843.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0844.html	Third Party Advisory
https://bugs.launchpad.net/nova/+bug/1409142	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova::::::::
	cpe:2.3:a:openstack:nova:2015.1.0:milestone1::::::
	cpe:2.3:a:openstack:nova:2015.1.0:milestone2::::::

History

13 Feb 2023, 00:46

Type	Values Removed	Values Added
Summary	It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.	OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
References	~~{'url': 'https://access.redhat.com/security/cve/CVE-2015-0259', 'name': 'https://access.redhat.com/security/cve/CVE-2015-0259', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=1190112', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=1190112', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0790', 'name': 'https://access.redhat.com/errata/RHSA-2015:0790', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0843', 'name': 'https://access.redhat.com/errata/RHSA-2015:0843', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2015:0844', 'name': 'https://access.redhat.com/errata/RHSA-2015:0844', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 20:20

Type	Values Removed	Values Added
Summary	OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.	It was discovered that the OpenStack Compute (nova) console websocket did not correctly verify the origin header. An attacker could use this flaw to conduct a cross-site websocket hijack attack. Note that only Compute setups with VNC or SPICE enabled were affected by this flaw.
References		(MISC) https://access.redhat.com/security/cve/CVE-2015-0259 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1190112 - (MISC) https://access.redhat.com/errata/RHSA-2015:0790 - (MISC) https://access.redhat.com/errata/RHSA-2015:0843 - (MISC) https://access.redhat.com/errata/RHSA-2015:0844 -

Information

Published : 2015-04-01 14:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-0259

Mitre link : CVE-2015-0259

CVE.ORG link : CVE-2015-0259

JSON object : View

Products Affected

openstack

nova

CWE

CWE-345

Insufficient Verification of Data Authenticity

5.1 /10