Search criteria
3 vulnerabilities found for karaf by opendaylight
FKIE_CVE-2017-1000406
Vulnerability from fkie_nvd - Published: 2017-11-30 21:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://seclists.org/oss-sec/2017/q4/320 | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://git.opendaylight.org/gerrit/#/q/topic:AAA-151 | Vendor Advisory | |
| cve@mitre.org | https://jira.opendaylight.org/browse/AAA-151 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2017/q4/320 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.opendaylight.org/gerrit/#/q/topic:AAA-151 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jira.opendaylight.org/browse/AAA-151 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| opendaylight | karaf | 0.6.1-carbon |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opendaylight:karaf:0.6.1-carbon:*:*:*:*:*:*:*",
"matchCriteriaId": "C997D199-86BB-44F2-82E8-38FB0A7D3C20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)."
},
{
"lang": "es",
"value": "OpenDaylight Karaf 0.6.1-Carbon no limpia la memoria cach\u00e9 despu\u00e9s de un cambio de contrase\u00f1a, permitiendo el uso de la contrase\u00f1a antigua hasta que la memoria cach\u00e9 Karaf se limpie manualmente (por ejemplo, mediante reinicio)."
}
],
"id": "CVE-2017-1000406",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-30T21:29:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-1000406 (GCVE-0-2017-1000406)
Vulnerability from cvelistv5 – Published: 2017-11-30 21:00 – Updated: 2024-09-16 20:02
VLAI?
Summary
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:39.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000406",
"REQUESTER": "lhinds@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"name": "https://jira.opendaylight.org/browse/AAA-151",
"refsource": "CONFIRM",
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000406",
"datePublished": "2017-11-30T21:00:00Z",
"dateReserved": "2017-11-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:38.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000406 (GCVE-0-2017-1000406)
Vulnerability from nvd – Published: 2017-11-30 21:00 – Updated: 2024-09-16 20:02
VLAI?
Summary
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:39.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-30T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000406",
"REQUESTER": "lhinds@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/q/topic:AAA-151"
},
{
"name": "https://jira.opendaylight.org/browse/AAA-151",
"refsource": "CONFIRM",
"url": "https://jira.opendaylight.org/browse/AAA-151"
},
{
"name": "[oss-security] 20171123 OpenDayLight: Password change doesn\u0027t result in Karaf clearing cache, allowing old password to still be used (CVE-2017-1000406)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2017/q4/320"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000406",
"datePublished": "2017-11-30T21:00:00Z",
"dateReserved": "2017-11-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:02:38.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}