OSA-2019-017: Some ONAP services allow impersonating any user without authentication
APPC: Dublin and earlier
SDC: Dublin and earlier
Łukasz Wrochna from Samsung reported a vulnerability in APPC (appc-cdt) and SDC (sdc-wfd-fe). By setting a USER_ID parameter in the HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
No patch for this vulnerability has been proposed yet.
Łukasz Wrochna from Samsung
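
The flaw described above is a service taking identity from a request header that any client can set. The following is an added example, not ONAP code or a proposed patch: a front-end layer that discards the inbound USER_ID and re-sets it only from a verified credential. The WSGI middleware, the `X-Session-Token` header, the `user:hexmac` token format, the key and the `backend` stand-in are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: key shared with a login service


def sign(user: str, key: bytes = SECRET) -> str:
    """Issue a 'user:hexmac' token (stand-in for a real session mechanism)."""
    mac = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}:{mac}"


def verify(token: str, key: bytes = SECRET):
    """Return the user name if the token's MAC is valid, else None."""
    user, sep, mac = token.rpartition(":")
    if not sep or not user:
        return None
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes: header values may contain non-ASCII characters.
    return user if hmac.compare_digest(mac.encode(), expected.encode()) else None


class IdentityHeaderGuard:
    """WSGI middleware: USER_ID reaches the app only from a verified token."""

    def __init__(self, app, key: bytes = SECRET):
        self.app, self.key = app, key

    def __call__(self, environ, start_response):
        # WSGI maps both 'USER_ID' and 'USER-ID' headers to HTTP_USER_ID;
        # whatever the client sent under either spelling is discarded.
        environ.pop("HTTP_USER_ID", None)
        user = verify(environ.get("HTTP_X_SESSION_TOKEN", ""), self.key)
        if user is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"authentication required\n"]
        environ["HTTP_USER_ID"] = user
        return self.app(environ, start_response)


def backend(environ, start_response):
    """Constructed stand-in for a service that trusts the USER_ID header."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("HTTP_USER_ID", "anonymous").encode()]


def call(app, headers):
    """Drive a WSGI app with a constructed environ; return (status, body)."""
    status = []
    body = b"".join(app(dict(headers), lambda s, h: status.append(s)))
    return status[0], body
```

The guard only helps if the protected service is reachable exclusively through it; a direct network path to the service leaves the header trusted as before.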