From a7b9337e3691f89d0b3f7e36ab73ef964476a655 Mon Sep 17 00:00:00 2001 From: Krzysztof Opasiak Date: Thu, 6 Jun 2019 01:28:19 +0200 Subject: Document OJSI-199 (CVE-2019-12112) vulnerability Issue-ID: OJSI-199 Signed-off-by: Krzysztof Opasiak Change-Id: I0cf61765fcab7fac5834d697004872e5bc58479c Former-commit-id: b3fd8af2a5e1b4de6ec194a4ef7b0b6511808c0f --- docs/release-notes.rst | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/release-notes.rst') diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 67034c6b..56443f1b 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -50,6 +50,8 @@ The full list of known issues in SDNC may be found in the ONAP Jira at `_ In default deployment SDNC (sdnc-portal) exposes HTTP port 30201 outside of cluster. Fixed temporarily by disabling admportal +- CVE-2019-12112 `OJSI-199 `_ SDNC service allows for arbitrary code execution in sla/upload form + Fixed temporarily by disabling admportal *Known Security Issues* -- cgit 1.2.3-korg