From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Wed, 5 Jun 2019 00:11:48 +0000 (+0200)
Subject: Document OJSI-94 vulnerability
X-Git-Tag: 1.6.1~326
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=refs%2Fchanges%2F13%2F89313%2F1;p=sdc.git

Document OJSI-94 vulnerability

Issue-ID: OJSI-94
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ica867e5fd81a08c758751cd06ab45b833ac97e74
---

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 52dcb21c0a..dafdf3c5dc 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -108,6 +108,7 @@ Security Notes
 -  CVE-2019-12118 [`OJSI-79 <https://jira.onap.org/browse/OJSI-79>`__\ ] - demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution
 -  CVE-2019-12119 [`OJSI-80 <https://jira.onap.org/browse/OJSI-80>`__\ ] - demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution
 -  [`OJSI-90 <https://jira.onap.org/browse/OJSI-90>`__\ ] - SDC exposes unprotected API for user creation
+-  [`OJSI-94 <https://jira.onap.org/browse/OJSI-94>`__\ ] - sdc-wfd-fe allows to impersonate any user by setting USER_ID
 
 *Known Vulnerabilities in Used Modules*