Document OJSI-202 (CVE-2019-12127) vulnerability

[oom.git] / docs / release-notes.rst

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 0261b2a..3d61e73 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -53,6 +53,10 @@ Summary
 
 *Known Security Issues*
 
+* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
+* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
+
 *Known Vulnerabilities in Used Modules*
 
 OOM code has been formally scanned during build time using NexusIQ and no