From be1e1600f0a7103e538aae660ce611151ca63702 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Wed, 5 Jun 2019 02:11:48 +0200 Subject: Document OJSI-94 vulnerability Issue-ID: OJSI-94 Signed-off-by: Krzysztof Opasiak Change-Id: Ica867e5fd81a08c758751cd06ab45b833ac97e74 --- docs/release-notes.rst | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/release-notes.rst') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 52dcb21c0a..dafdf3c5dc 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -108,6 +108,7 @@ Security Notes - CVE-2019-12118 [`OJSI-79 `__\ ] - demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution - CVE-2019-12119 [`OJSI-80 `__\ ] - demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution - [`OJSI-90 `__\ ] - SDC exposes unprotected API for user creation +- [`OJSI-94 `__\ ] - sdc-wfd-fe allows to impersonate any user by setting USER_ID *Known Vulnerabilities in Used Modules*
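Review bot: The added OJSI-94 line in the Security Notes list says a user can be impersonated "by setting USER_ID" but does not say what USER_ID is or where it is set, so a reader of the release notes cannot tell which sdc-wfd-fe interface to restrict or monitor. The two JDWP entries just above name the exposed port and the impact; this entry should name the carrier of USER_ID in the same way. The phrase "allows to impersonate" would also read better as "allows impersonating any user". Those JDWP entries carry CVE ids while this one, like OJSI-90, has none; if an id has been assigned for OJSI-94, put it in front in the same form as the CVE-2019-12118 and CVE-2019-12119 entries.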