GHSA-qm24-4869-99pjCriticalCVSS 9.8

Opendaylight will authenticate any username and password combination

Published
May 17, 2022
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.

🎯 Affected products1

  • maven/org.opendaylight.odlparent:opendaylight-karaf-resources:< 0.2.3-Helium-SR3

🔗 References (5)