Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Contrail Service Orchestration: Tenants able to see other tenants policies via REST API interface
Vulnerability Description
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on another tenant's firewall configuration and access control policies, as well as other sensitive information, exposing the tenant to reduced defense against malicious attacks or exploitation via additional undetermined vulnerabilities. This issue affects Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
保护机制失效
Vulnerability Title
Juniper Networks Contrail Service Orchestration 访问控制错误漏洞
Vulnerability Description
Juniper Networks Contrail Service Orchestration是美国Juniper Networks公司的一个强大的软件平台。用于连接许多企业和多租户服务提供商解决方案。 Juniper Networks Contrail Service Orchestration 存在访问控制错误漏洞,该漏洞源于产品的REST API中不适当的访问限制。远程攻击者可以查看同一系统中其他租户的机密配置细节。
CVSS Information
N/A
Vulnerability Type
N/A