2 matches found
CVE-2022-22152
The CVE covers a REST API access-control failure in Juniper Networks Contrail Service Orchestration. A tenant can view confidential configuration details of other tenants (e.g., firewall configuration and access control policies) due to insufficient authorization checks, exposing sensitive inform...
CVE-2022-22152 Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...