OSA-2019-020: Unprotected APIs/UIs exposed in Logging project
Logging: Dublin and earlier
Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a number of vulnerabilities in ONAP Logging. By accessing one of:
ports, an attacker gains full access to the respective ONAP services without any authentication. All ONAP OOM setups are affected.
No patch for this vulnerability has been proposed yet.
Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung