Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-205

CLI exposes unprotected APIs/UIs (CVE-2019-12130)

CloneClone+Clone++
    XMLWordPrintable

Details

    • Task
    • Status: Under review
    • Highest
    • Resolution: Unresolved
    • Casablanca Maintenance Release, Dublin Release, Casablanca
    • Frankfurt Release
    • CVE-2019-12130
    • Hide

      Title: Unprotected APIs/UIs exposed in CLI project

      Reporter: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung

      Products: CLI

      Affects: Dublin and earlier

      Description:

      Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP CLI. By accessing port 30271, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

      Show
      Title: Unprotected APIs/UIs exposed in CLI project Reporter: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung Products: CLI Affects: Dublin and earlier Description: Jakub Botwicz,  Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP CLI. By accessing port 30271, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.
    • OJSI-CLI

    Attachments

      # Subject Branch Project Status CR V
      88651,3 Issue OSA for OJSI-205 master osa Status: MERGED +2 +1
      88932,1 Document OJSI-205 (CVE-2019-12130) vulnerability master cli Status: MERGED +2 +1

      Activity

        People

          mkr1481 Kanagaraj Manickam
          kopasiak Krzysztof Opasiak
          Votes:
          0 Vote for this issue
          Watchers:
          2 Start watching this issue

          Dates

            Created:
            Updated:
            Resolved: