Code Review / portal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Document OJSI-65 (CVE-2019-1212) vulnerability
[portal.git] / docs / release-notes.rst
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 4f95469..fbaf675 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -37,6 +37,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
 *Known Security Issues*
 
        * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+       * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
        * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
        * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
        * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
ARCHIVED- 2022-02-15 at the request of the project