Uploaded image for project: 'ONAP JIRA Security Issues'
  1. ONAP JIRA Security Issues
  2. OJSI-88

demo-vnfsdk-vnfsdk exposes JDWP port 8000 on localhost which allows to gain root privileges inside the container (CVE-2019-12120)

CloneClone+Clone++
    XMLWordPrintable

Details

    • CVE-2019-12120
    • Hide

      Title: VNFSDK  exposes JDWP port on localhost which allows to gain root privileges inside the container

      Reporter: Radosław Żeszczuk from Samsung

      Products: VNFSDK

      Affects: Dublin and earlier

      Description:

      Radosław Żeszczuk from Samsung reported vulnerability in VNFSDK. By accessing port 8000 of demo-vnfsdk-vnfsdk on localhost an attacker who has access to this pod can gain root privileges. All OOM ONAP setups which includes VNFSDK are affected.

      Show
      Title: VNFSDK  exposes JDWP port on localhost which allows to gain root privileges inside the container Reporter: Radosław Żeszczuk from Samsung Products: VNFSDK Affects: Dublin and earlier Description: Radosław Żeszczuk from Samsung reported vulnerability in VNFSDK. By accessing port 8000 of demo-vnfsdk-vnfsdk on localhost an attacker who has access to this pod can gain root privileges. All OOM ONAP setups which includes VNFSDK are affected.
    • OJSI-VNFSDK

    Description

       

       

      Attachments

        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

          People

            mkr1481 Kanagaraj Manickam
            r.z . .
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: