6 matches found
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +17 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-openflow-renderer (>=0.10.0 <=0.9.3)
org.opendaylight.sfc:odl-sfc-openflow-renderer MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.5.0, =0.5.2 and more Source cves: CVE-2025-29314 Source advisory:...
org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +19 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.9.3)
org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.4.4-Carbon and more Source cves: CVE-2025-29314 Source advisory:...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
CVE-2025-29314
CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...