Lucene search

Redhat.comRH:CVE-2022-45930

HistoryNov 29, 2022 - 9:26 p.m.

CVE-2022-45930

2022-11-2921:26:04

redhat.com

access.redhat.com

opendaylight

aaa package

sql injection

arbitrary sql statements

database

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

A SQL injection issue was discovered in the AAA package of OpenDaylight. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. This may allow a malicious user to execute arbitrary sql statements against the database.

References

bugzilla.redhat.com/show_bug.cgi?id=2149429

git.opendaylight.org/gerrit/c/aaa/+/103242

jira.opendaylight.org/browse/AAA-240

nvd.nist.gov/vuln/detail/CVE-2022-45930

www.cve.org/CVERecord?id=CVE-2022-45930

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

30.5%

JSON

Related for RH:CVE-2022-45930