Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-200

Logging exposes unprotected APIs/UIs (CVE-2019-12125)

CloneClone+Clone++
    XMLWordPrintable

Details

    • Task
    • Status: Confirmed
    • Highest
    • Resolution: Unresolved
    • Casablanca Maintenance Release, Dublin Release, Casablanca
    • Frankfurt Release
    • CVE-2019-12125
    • Hide

      Title: Unprotected APIs/UIs exposed in Logging project

      Reporter: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung

      Products: Logging

      Affects: Dublin and earlier

      Description:

      Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP Logging. By accessing one of:

      • 30253
      • 30234
      • 30290
      • 30254

      ports, an attacker gains full access to the respective ONAP services without any authentication. All ONAP OOM setups are affected.

      Show
      Title: Unprotected APIs/UIs exposed in Logging project Reporter: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung Products: Logging Affects: Dublin and earlier Description: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP Logging. By accessing one of: 30253 30234 30290 30254 ports, an attacker gains full access to the respective ONAP services without any authentication. All ONAP OOM setups are affected.
    • OJSI-LOG

    Description

       

       

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              pau2882 Prudence Au
              kopasiak Krzysztof Opasiak
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: