An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.
References
Link | Resource |
---|---|
https://jira.onap.org/browse/OJSI-93 | Exploit Patch Vendor Advisory |
Configurations
Information
Published : 2020-03-18 12:15
Updated : 2020-03-20 06:11
NVD link : CVE-2019-12131
Mitre link : CVE-2019-12131
JSON object : View
CWE
CWE-290
Authentication Bypass by Spoofing
Products Affected
onap
- open_network_automation_platform