diff --git a/ossa/OSSA-2015-005.yaml b/ossa/OSSA-2015-005.yaml
new file mode 100644
index 0000000..dea88db
--- /dev/null
+++ b/ossa/OSSA-2015-005.yaml
@@ -0,0 +1,59 @@
+date: 2015-03-13
+
+id: OSSA-2015-005
+
+title: 'Nova console Cross-Site WebSocket hijacking'
+
+description: 'Brian Manifold from Cisco and Paul McMillan from Nebula reported a
+    vulnerability in Nova console websocket. By tricking an authenticated user
+    into visiting a malicious URL, a remote attacker or a man in the middle may
+    exploit a cross-site-websocket-hijacking vulnerability resulting in potential
+    hijack of consoles where the user is still logged in. Only Nova setups with
+    vnc or spice enabled are affected.'
+
+affected-products:
+
+  - product: nova
+    version: up to 2014.1.3 and 2014.2 versions up to 2014.2.2
+
+vulnerabilities:
+
+  - cve-id: CVE-2015-0259
+
+reporters:
+
+  - name: 'Brian Manifold'
+    affiliation: Cisco
+    reported:
+      - CVE-2015-0259
+
+  - name: 'Paul McMillan'
+    affiliation: Nebula
+    reported:
+      - CVE-2015-0259
+
+issues:
+
+  links:
+    - https://launchpad.net/bugs/1409142
+
+  type: launchpad
+
+reviews:
+
+  kilo:
+    - https://review.openstack.org/163033
+
+  juno:
+    - https://review.openstack.org/163034
+
+  icehouse:
+    - https://review.openstack.org/163035
+
+  type: gerrit
+
+notes:
+  - 'This fix is included in 2014.1.4 (icehouse) release and it will be
+     included in the kilo-3 development milestone and in the future
+     2014.2.3 (juno) release.'
+