Issue OSA for OJSI-79

Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Iccf563afa1ec0c8420fd1f932d05d484950f1143
author: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-28 13:25:48 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> 2019-05-28 21:07:32 +0200
commit: be8a880f5c020383e1b5583e0cf1e7de6dd72b45 (patch)
tree: 683e36ec55621aa2594573b91aa63135a2c148ca
parent: 381d2385eaa2f3960c6e8659faa94be8b99a1131 (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/osa/OSA-2019-013.rst b/osa/OSA-2019-013.rst
new file mode 100644
index 0000000..93fd61e
--- /dev/null
+++ b/osa/OSA-2019-013.rst
@@ -0,0 +1,35 @@
+=======================================================================================
+OSA-2019-013: SDC exposes JDWP outside of pod which allows for arbitrary code execution
+=======================================================================================
+
+**Date:** 2019-05-28
+
+**CVE:** CVE-2019-12118
+
+**Severity:** Critical
+
+Affects
+-------
+
+* SDC: Dublin and earlier
+
+Description
+-----------
+
+Radosław Żeszczuk from Samsung reported vulnerability in SDC. By accessing port 7001 of demo-sdc-sdc-wfd-be pod an unauthenticated attacker who already has access to pod to pod communication may execute arbitrary code inside this pod. All OOM ONAP setups which includes SDC are affected.
+
+Patches
+-------
+
+No patch for this vulnerability has been proposed yet.
+
+Credits
+-------
+
+* Radosław Żeszczuk from Samsung
+
+References
+----------
+
+* `OJSI-79 <https://jira.onap.org/browse/OJSI-79>`_
+* `CVE-2019-12118 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12118>`_
author	Krzysztof Opasiak <k.opasiak@samsung.com>	2019-05-28 13:25:48 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	2019-05-28 21:07:32 +0200
commit	be8a880f5c020383e1b5583e0cf1e7de6dd72b45 (patch)
tree	683e36ec55621aa2594573b91aa63135a2c148ca
parent	381d2385eaa2f3960c6e8659faa94be8b99a1131 (diff)