CVE-2024-46943: OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability

September 16, 2024

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.

References

docs.opendaylight.org/en/latest/release-notes/projects/aaa.html
doi.org/10.48550/arXiv.2408.16940
github.com/advisories/GHSA-46hr-3cq3-mcgp
github.com/opendaylight/aaa
lf-opendaylight.atlassian.net/browse/AAA-285
nvd.nist.gov/vuln/detail/CVE-2024-46943

Detect and mitigate CVE-2024-46943 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →