GHSA-4px2-gqhv-mrc7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-4px2-gqhv-mrc7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4px2-gqhv-mrc7/GHSA-4px2-gqhv-mrc7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-4px2-gqhv-mrc7
- Aliases
-
- CVE-2017-1000406
- Published
- 2022-05-17T00:12:25Z
- Modified
- 2024-12-08T05:34:29.986693Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Password change doesn't result in Karaf clearing cache
- Details
-
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
- Database specific
{ "nvd_published_at": "2017-11-30T21:29:00Z", "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-12-21T20:19:38Z" }- References
Affected packages
Maven / org.opendaylight.integration:distribution-karaf
Package
- Name
- org.opendaylight.integration:distribution-karaf
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opendaylight.integration/distribution-karaf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.6.4-Carbon
Affected versions
0.*
0.2.0-Helium
0.2.1-Helium-SR1
0.2.1-Helium-SR1.1
0.2.2-Helium-SR2
0.2.3-Helium-SR3
0.2.4-Helium-SR4
0.3.0-Lithium
0.3.1-Lithium-SR1
0.3.2-Lithium-SR2
0.3.3-Lithium-SR3
0.3.4-Lithium-SR4
0.4.0-Beryllium
0.4.1-Beryllium-SR1
0.4.2-Beryllium-SR2
0.4.3-Beryllium-SR3
0.4.4-Beryllium-SR4
0.5.0-Boron
0.5.1-Boron-SR1
0.5.2-Boron-SR2
0.5.3-Boron-SR3
0.5.4-Boron-SR4
0.6.0-Carbon
0.6.1-Carbon
0.6.2-Carbon
0.6.3-Carbon
0.6.4-Carbon