========================================================== OSSA-2015-005: Nova console Cross-Site WebSocket hijacking ========================================================== :Date: March 13, 2015 :CVE: CVE-2015-0259 Affects ~~~~~~~ - Nova: up to 2014.1.3 and 2014.2 versions up to 2014.2.2 Description ~~~~~~~~~~~ Brian Manifold from Cisco and Paul McMillan from Nebula reported a vulnerability in Nova console websocket. By tricking an authenticated user into visiting a malicious URL, a remote attacker or a man in the middle may exploit a cross-site-websocket-hijacking vulnerability resulting in potential hijack of consoles where the user is still logged in. Only Nova setups with vnc or spice enabled are affected. Patches ~~~~~~~ - https://review.openstack.org/163035 (Icehouse) - https://review.openstack.org/163034 (Juno) - https://review.openstack.org/163033 (Kilo) Credits ~~~~~~~ - Brian Manifold from Cisco (CVE-2015-0259) - Paul McMillan from Nebula (CVE-2015-0259) References ~~~~~~~~~~ - https://launchpad.net/bugs/1409142 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259 Notes ~~~~~ - This fix is included in 2014.1.4 (icehouse) release and it will be included in the kilo-3 development milestone and in the future 2014.2.3 (juno) release. -- Tristan Cacqueray OpenStack Vulnerability Management Team