[OJSI-203] SO exposes unprotected APIs/UIs (CVE-2019-12128) - ONAP JIRA

Clone

Clone+

Clone++

XML

Word

Printable

Type: Task
Status: Public disclosure
Priority: Highest
Resolution: Done
Affects Version/s: Casablanca Maintenance Release, Dublin Release, Casablanca
Fix Version/s: Frankfurt Release
Labels:

OJSI CVE:
CVE-2019-12128
OJSI Impact Description:

Hide

Title: Unprotected APIs/UIs exposed in SO project

Reporter: Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung

Products: SO

Affects: Dublin and earlier

Description:

Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP SO. By accessing port 30224, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Show
Title: Unprotected APIs/UIs exposed in SO project Reporter: Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung Products: SO Affects: Dublin and earlier Description: Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP SO. By accessing port 30224, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.
OJSI Grant Project Access:
OJSI-SO
Epic Link:
Unprotected APIs/UIs exposed

relates to

SO-2063 AAF integration

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...