CVE-2022-45931

Опубликовано: 27 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.

Ссылки

https://git.opendaylight.org/gerrit/c/aaa/+/103243
Patch
Third Party Advisory
https://jira.opendaylight.org/browse/AAA-241
Issue Tracking
Patch
Third Party Advisory
https://git.opendaylight.org/gerrit/c/aaa/+/103243
Patch
Third Party Advisory
https://jira.opendaylight.org/browse/AAA-241
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:opendaylight:0.15.0:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:opendaylight:0.15.6:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:opendaylight:0.16.0:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:opendaylight:0.16.4:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.0018

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

CVE-2022-45931

CVSS3: 6.8

redhat

около 3 лет назад

GHSA-4jhq-4w63-x92x