CVE-2025-29314

HIGH8.1EPSS 0.09%

OpenDaylight SFC Insecure Shiro Cookie Configuration

發布日:2025/3/24修改日:2025/3/26

描述

Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack.

受影響套件(2)

Maven/org.opendaylight.sfc:odl-sfc-openflow-rendererfrom 0, <= 0.10.4
Maven/org.opendaylight.sfc:odl-sfc-ovsfrom 0, <= 0.10.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-29314
PATCHhttps://github.com/opendaylight/sfc
WEBhttps://blog.csdn.net/weixin_43959580/article/details/146018166