summaryrefslogtreecommitdiffstats
path: root/docs/release-notes.rst
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2019-06-04 02:05:05 +0200
committerKrzysztof Opasiak <k.opasiak@samsung.com>2019-06-04 02:05:05 +0200
commit4fd0e98f62594198ba240265634a3302c3d257ef (patch)
tree696ae0f8e34d6ca5a03555fbe2ce8db2da1b6a03 /docs/release-notes.rst
parent482a0271686637111d98979a78181bd4d7891f64 (diff)
Document OJSI-88 (CVE-2019-12126) vulnerability
Issue-ID: OJSI-88 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Id2086207baf3ff3426fca92295bdf30b5efa4b73
Diffstat (limited to 'docs/release-notes.rst')
-rw-r--r--docs/release-notes.rst1
1 files changed, 1 insertions, 0 deletions
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index af38b75..6a5cb48 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -42,6 +42,7 @@ N/A
*Known Security Issues*
* In default deployment VNFSDK (refrepo) exposes HTTP port 30297 outside of cluster. [`OJSI-154 <https://jira.onap.org/browse/OJSI-154>`_]
+ * CVE-2019-12126 - demo-vnfsdk-vnfsdk exposes JDWP port 8000 on localhost which allows to gain root privileges inside the container [`OJSI-88 <https://jira.onap.org/browse/OJSI-88>`_]
*Known Vulnerabilities in Used Modules*