From af68d030bd7f66b680c2b44cd60a19a35aaf9223 Mon Sep 17 00:00:00 2001
From: Krzysztof Opasiak <k.opasiak@samsung.com>
Date: Thu, 30 May 2019 15:26:40 +0200
Subject: [PATCH] Document OJSI-65 (CVE-2019-1212) vulnerability

Issue-ID: OJSI-65
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5c3bee06c2b1da3eca2bb583c57decb35b0f32c0
---
 docs/release-notes.rst | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 4f954692..fbaf675e 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -37,6 +37,7 @@ We worked on SDK upgrade to integrate with AAF. We partially implemented multi-l
 *Known Security Issues*
 
 	* CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
+	* CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
 	* In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
 	* In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
-- 
2.16.6