Authentication Bypass by Spoofing

CVE-2019-12131

Medium

6.4/10

Summary

An issue was detected in ONAP APPC through Dublin and SDC through Dublin. By setting a USER_ID parameter in an HTTP header, an attacker may impersonate an arbitrary existing user without any authentication. All APPC and SDC setups are affected.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

Advisory Timeline

Published Mar 18, 2020

Authentication Bypass by Spoofing

CVE-2019-12131

Summary

CWE-290 - Authentication Bypass by Spoofing

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS