Lucene search

Redhat.comRH:CVE-2022-45932

HistoryNov 29, 2022 - 9:56 p.m.

CVE-2022-45932

2022-11-2921:56:08

redhat.com

access.redhat.com

sql injection

opendaylight

aaa

api interface

arbitrary sql statements

database

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. This may allow a malicious user to execute arbitrary sql statements against the database.

References

bugzilla.redhat.com/show_bug.cgi?id=2149433

git.opendaylight.org/gerrit/c/aaa/+/103241

jira.opendaylight.org/browse/AAA-239

nvd.nist.gov/vuln/detail/CVE-2022-45932

www.cve.org/CVERecord?id=CVE-2022-45932

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for RH:CVE-2022-45932