Description
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
Remediation
References
https://docs.google.com/presentation/d/1pRRLfdSUqUZ688CZ9e9AyceuXPGp9oyGj7j4bdSsBcw/edit?usp=sharing
Related Vulnerabilities
CVE-2018-12432 Vulnerability in maven package net.bull.javamelody:javamelody-core
CVE-2016-10670 Vulnerability in npm package windows-seleniumjar-mirror
CVE-2020-7638 Vulnerability in npm package confinit
CVE-2022-45385 Vulnerability in maven package org.jenkins-ci.plugins:dockerhub-notification
CVE-2019-10767 Vulnerability in npm package iobroker.js-controller