Lucene search
K
JuniperContrail Service Orchestration

7 matches found

CVE
CVE
added 2022/01/19 12:20 a.m.152 views

CVE-2022-22152

The CVE covers a REST API access-control failure in Juniper Networks Contrail Service Orchestration. A tenant can view confidential configuration details of other tenants (e.g., firewall configuration and access control policies) due to insufficient authorization checks, exposing sensitive inform...

7.7CVSS6.5AI score0.0078EPSS
CVE
CVE
added 2022/04/14 3:50 p.m.93 views

CVE-2022-22189

CVE-2022-22189 (Contrail Service Orchestration) : An Incorrect Ownership Assignment vulnerability affects Juniper Networks CSO 6.0.0 on on‑prem installations, prior to 6.0.0 Patch v3. A locally authenticated user can elevate permissions and take control of the local system they are authenticated ...

7.8CVSS7.3AI score0.00225EPSS
CVE
CVE
added 2018/07/11 6:0 p.m.65 views

CVE-2018-0040

CVE-2018-0040 affects Juniper Networks Contrail Service Orchestrator prior to 4.0.0, where hard-coded cryptographic certificates and keys are used. Root cause: the presence of hard-coded credentials may allow an attacker to gain unauthorized access to services over the network. Consequences: unau...

10CVSS9.6AI score0.01434EPSS
CVE
CVE
added 2018/07/11 6:0 p.m.61 views

CVE-2018-0041

The CVE-2018-0041 entry concerns Juniper Networks Contrail Service Orchestration (CSO) prior to version 3.3.0, where hard-coded credentials grant network-based attackers unauthorized access to Keystone service data. Root cause: hard-coded credentials in CSO access to Keystone. Affected product: C...

9.8CVSS9.3AI score0.01129EPSS
CVE
CVE
added 2018/07/11 6:0 p.m.57 views

CVE-2018-0038

CVE-2018-0038 affects Juniper Networks Contrail Service Orchestration (CSO) prior to version 3.3.0, where the Cassandra service is enabled by default with hard-coded credentials. This allows network-based attackers to gain unauthorized access to information stored in Cassandra. The connected docu...

9.8CVSS9.1AI score0.01129EPSS
CVE
CVE
added 2018/07/11 6:0 p.m.53 views

CVE-2018-0042

Juniper Networks CSO is affected by an information disclosure vulnerability in versions prior to 4.0.0, caused by the CSO software logging passwords in log files. An attacker could obtain sensitive credentials from logs. A fixed version is CSO 4.0.0 or later; remediation is to upgrade to the patc...

9.8CVSS8.8AI score0.01148EPSS
CVE
CVE
added 2018/07/11 6:0 p.m.51 views

CVE-2018-0039

CVE-2018-0039 affects Juniper Networks Contrail Service Orchestration releases prior to 4.0.0, where Grafana is enabled by default with hard-coded credentials. This enables network-based attackers to access information stored in Grafana or potentially exploit weaknesses in Grafana. The connection...

9.8CVSS8.2AI score0.00973EPSS