Design/Logic Flaw

2022-01-1901:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant’s firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.

CPENameOperatorVersion
contrail_service_orchestrationeq6.1.0 patch1
contrail_service_orchestrationeq6.1.0 patch2
contrail_service_orchestrationeq6.1.0
contrail_service_orchestrationle6.0.0

Name	Operator	Version
contrail_service_orchestration	eq	6.1.0 patch1
contrail_service_orchestration	eq	6.1.0 patch2
contrail_service_orchestration	eq	6.1.0
contrail_service_orchestration	le	6.0.0

References

kb.juniper.net/JSA11260