Possible incomplete fix for OSSA-2015-005
Bug #1511541 reported by
Grant Murphy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Multiple reports that the fix for [OSSA 2015-005] Websocket Hijacking Vulnerability in Nova VNC Server (CVE-2015-0259) is incomplete.
https:/
https:/
Further investigation is needed.
Changed in ossa: | |
status: | New → Incomplete |
information type: | Public → Public Security |
tags: | added: console |
tags: | added: security |
Changed in nova: | |
status: | New → Confirmed |
status: | Confirmed → Incomplete |
To post a comment you must log in.
I believe the fix is valid and complete. I know how to recreate the exploit and have seen the patch block the attempt. Let me know how I can help with the research to verify that this fix is indeed complete.