OSA-2019-025: Unprotected APIs/UIs exposed in CLI project
Date: 2019-05-28
CVE: CVE-2019-12130
Severity: Important
Affects
CLI: Dublin and earlier
Description
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP CLI. By accessing port 30271, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.
Patches
No patch for this vulnerability has been proposed yet.
Credits
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung