CVE-2024-46942: OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries

September 16, 2024 (updated November 18, 2024)

In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment.

References

docs.opendaylight.org/en/latest/release-notes/projects/mdsal.html
doi.org/10.48550/arXiv.2408.16940
github.com/advisories/GHSA-hv38-h5pj-c96j
github.com/opendaylight/mdsal
lf-opendaylight.atlassian.net/browse/MDSAL-869
nvd.nist.gov/vuln/detail/CVE-2024-46942

Detect and mitigate CVE-2024-46942 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →