Code Review / appc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f989a9e)
Document OJSI-95 vulnerability 33/89433/1
authorKrzysztof Opasiak <k.opasiak@samsung.com>
Wed, 5 Jun 2019 21:31:54 +0000 (23:31 +0200)
committerKrzysztof Opasiak <k.opasiak@samsung.com>
Wed, 5 Jun 2019 21:31:54 +0000 (23:31 +0200)
Issue-ID: OJSI-95
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ica05a626601673f672cc0be6a8c6cdcbe94323f8

docs/release-notes.rst patch | blob | history

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index fa09a4e..4123ff9 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -118,6 +118,7 @@ The Dublin release added the following functionality:
       - CVE-2019-12316 `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC
       - `OJSI-29 <https://jira.onap.org/browse/OJSI-29>`_ - Unsecured Swagger UI Interface in AAPC
       - CVE-2019-12124 `OJSI-63 <https://jira.onap.org/browse/OJSI-63>`_ - APPC exposes Jolokia Interface which allows to read and overwrite any arbitrary file
+      - `OJSI-95 <https://jira.onap.org/browse/OJSI-95>`_ - appc-cdt allows to impersonate any user by setting USER_ID
 
 *Known Vulnerabilities in Used Modules*
 
ARCHIVED- 2022-02-15 at the request of the project