Description
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
Remediation
References
https://docs.google.com/presentation/d/1pRRLfdSUqUZ688CZ9e9AyceuXPGp9oyGj7j4bdSsBcw/edit?usp=sharing
Related Vulnerabilities
CVE-2017-7664 Vulnerability in maven package org.apache.openmeetings:openmeetings-server
CVE-2018-19838 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webapp
CVE-2018-8815 Vulnerability in maven package org.opencms:opencms-core
CVE-2022-31175 Vulnerability in npm package @ckeditor/ckeditor5-html-embed