Description
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.
Remediation
References
https://docs.google.com/presentation/d/1pRRLfdSUqUZ688CZ9e9AyceuXPGp9oyGj7j4bdSsBcw/edit?usp=sharing
Related Vulnerabilities
CVE-2021-21160 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-43138 Vulnerability in maven package org.webjars.npm:async
CVE-2022-31183 Vulnerability in maven package co.fs2:fs2-io_sjs1_3
CVE-2017-12159 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-45391 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration