Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Document OJSI-65 (CVE-2019-1212) vulnerability
[portal.git] / docs / release-notes.rst
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index bcb1f16..fbaf675 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -36,6 +36,12 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
 
 *Known Security Issues*
 
+       * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+       * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
+       * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+       * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+       * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+
 *Known Vulnerabilities in Used Modules*
 
 PORTAL code has been formally scanned during build time using NexusIQ and all Critical vulnerabilities have been addressed, items that remain open have been assessed for risk and determined to be false positive. The PORTAL open Critical security vulnerabilities and their risk assessment have been documented as part of the `project <https://wiki.onap.org/pages/viewpage.action?pageId=51283057>`_.
ARCHIVED- 2022-02-15 at the request of the project