OSA-2019-023: Unprotected APIs/UIs exposed in SO project

Date: 2019-05-28

CVE: CVE-2019-12128

Severity: Important

Affects

SO: El Alto and earlier

Description

Jakub Botwicz, Wojciech Rauner, Łukasz Wrochna and Radosław Żeszczuk from Samsung reported a vulnerability in ONAP SO. By accessing port 30224, an attacker gains full access to the respective ONAP service without any authentication. All ONAP OOM setups are affected.

Patches

Fix required several patches. More details can be found in OJSI-203

Credits

Jakub Botwicz from Samsung
Wojciech Rauner from Samsung
Łukasz Wrochna from Samsung
Radosław Żeszczuk from Samsung

References

Read the Docs v: latest

Versions: latest; montreal; london; kohn; jakarta

Downloads

On Read the Docs: Project Home; Builds