https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 https://jira.opendaylight.org/browse/CONTROLLER-1235 controller <p>The URLS supported by the odl-mdsal-apidocs are not protected by the controller's AAA. This is a security vulnerability when the security model prohibits any access to the controller without authentication.</p> <p>Operating System: All<br/> Platform: All</p> CONTROLLER-1235

odl-mdsal-apidocs feature is not protected through AAA

Bug Resolved Done Unassigned Ryan Goulding Thu, 2 Apr 2015 14:14:33 +0000 Tue, 25 Jul 2023 08:23:59 +0000 Tue, 5 May 2015 15:34:57 +0000 restconf 0 2 <p>The fix for this Bug was tested by:</p> <p>1) Running karaf <br/> cd controller<br/> ./opendaylight/distribution/opendaylight-karaf/target/assembly/bin/karaf debug</p> <p>2) feature:install odl-restconf odl-mdsal-apidocs</p> <p>3) Visiting the api explorer web page, and ensuring that the page is not loaded until valid AuthN was supplied.</p> <p><a href="http://localhost:8181/apidoc/explorer/index.html" class="external-link" target="_blank" rel="nofollow noopener">http://localhost:8181/apidoc/explorer/index.html</a></p> <p>This test was done using:<br/> 1) Google Chrome Version 41.0.2272.101 (64-bit)<br/> 2) Mozilla Firefox Version 36.0.4<br/> On Fedora 20 with kernel "Linux fedora 3.18.9-100.fc20.x86_64".</p> <p>This bug is part of the project to Move all ADSAL associated component bugs to ADSAL.</p> <p>This is not an ADSAL bug.</p> Development External issue ID 2942 External issue URL Issue Type ODL SR Target Milestone Rank 0|i02pbj: