Описание
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 4.0.0 (исключая)
cpe:2.3:a:onap:open_network_automation_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00189
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-319
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered in ONAP Portal through Dublin. By executing a call to ONAPPORTAL/portalApi/loggedinUser, an attacker who possesses a user's cookie may retrieve that user's password from the database. All Portal setups are affected.
EPSS
Процентиль: 41%
0.00189
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-319