Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/26 12:21 a.m.7 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

8.1CVSS6.7AI score0.00204EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/03/24 9:30 p.m.7 views

org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +17 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-openflow-renderer (>=0.10.0 <=0.9.3)

org.opendaylight.sfc:odl-sfc-openflow-renderer MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.5.0, =0.5.2 and more Source cves: CVE-2025-29314 Source advisory:...

8.1CVSS5.8AI score0.00204EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/03/24 9:30 p.m.11 views

org.opendaylight.groupbasedpolicy:features-groupbasedpolicy (=0.7.4), org.opendaylight.groupbasedpolicy:odl-groupbasedpolicy-neutron-and-ofoverlay (>=0.5.0-Carbon <=0.7.4) +19 more potentially affected by CVE-2025-29314 via org.opendaylight.sfc:odl-sfc-ovs (>=0.10.0 <=0.9.3)

org.opendaylight.sfc:odl-sfc-ovs MAVEN version =0.10.0, =0.5.0-Carbon, =0.5.0-Carbon, =0.5.0-Carbon, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.9.0, =0.6.0, =0.6.0, =0.4.0-Carbon, =0.5.0, =0.4.0-Carbon, =0.4.4-Carbon and more Source cves: CVE-2025-29314 Source advisory:...

8.1CVSS5.8AI score0.00204EPSS
Exploits0
NVD
NVD
added 2025/03/24 9:15 p.m.9 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

8.1CVSS0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/24 12:0 a.m.5 views

CVE-2025-29314

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining SFC Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...

6.6AI score0.00204EPSS
Exploits0References1
CVE
CVE
added 2025/03/24 12:0 a.m.66 views

CVE-2025-29314

CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...

8.1CVSS6.6AI score0.00204EPSS
Exploits0References1
Rows per page
Query Builder