From fc4442976411f28a214898a3261e698c48dda31d Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Thu, 30 May 2019 15:27:27 +0200 Subject: Document OJSI-92 (CVE-2019-12121) vulnerability Issue-ID: OJSI-92 Signed-off-by: Krzysztof Opasiak Change-Id: Idad22deafb262da539c52fa8733e7ea098fd1361 --- docs/release-notes.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index fbaf675e..871c7d5b 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -38,6 +38,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 `_] * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 `_] + * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 `_] * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 `_] * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 `_] * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 `_] -- cgit 1.2.3-korg