Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-201

DCAE TCA exposes unprotected APIs/UIs (CVE-2019-12126)

CloneClone+Clone++
    XMLWordPrintable

Details

    Description

      Impact description (draft)

      Title: Unprotected APIs/UIs exposed in DCAE project

      Reporter: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung

      Products: DCAE

      Affects: Dublin and earlier

      Description:

      Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP DCAE. By accessing port 32010, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. OJSI-161 xdcae-tca-analytics exposes plain text HTTP endpoint using port 32010

          • Highest - Catastrophic defect that causes total failure of the software or unrecoverable data loss with no available workaround. Complete shut-down of the process, nothing can proceed further. Blocks testing of the product / feature. Must be fixed in the next build.
          • Public disclosure
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              vv770d Vijay Venkatesh Kumar
              kopasiak Krzysztof Opasiak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: