Candidate: CVE-2015-0259
PublicDate: 2015-04-01 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0259
 http://lists.openstack.org/pipermail/openstack-announce/2015-March/000341.html
Description:
 OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and
 kilo before kilo-3 does not validate the origin of websocket requests,
 which allows remote attackers to hijack the authentication of users for
 access to consoles via a crafted webpage.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/nova/+bug/1409142
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780250
Priority: low
Discovered-by: Brian Manifold and Paul McMillan
Assigned-to:
CVSS:

Patches_nova:
upstream_nova: released (2014.1.3-11)
lucid_nova: DNE
precise_nova: not-affected (code not present)
trusty_nova: not-affected (1:2014.1.5-0ubuntu1)
trusty/esm_nova: DNE (trusty was not-affected [1:2014.1.5-0ubuntu1])
utopic_nova: not-affected (1:2014.2.3-0ubuntu1)
vivid_nova: not-affected (1:2015.1.0-0ubuntu1)
devel_nova: not-affected (2:12.0.0~b1-0ubuntu2)