Document OJSI-95 vulnerability Issue-ID: OJSI-95 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ica05a626601673f672cc0be6a8c6cdcbe94323f8

commit: 9efc5e6ea56013249cb7d9746fa0b21916e79549 [log] [tgz]
author: Krzysztof Opasiak <k.opasiak@samsung.com> Wed Jun 05 23:31:54 2019 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> Wed Jun 05 23:31:54 2019 +0200
tree: d296e393e71dc22aae25de723478ee29c1a4fcd8
parent: f989a9e9a9d17a56e3d1322b9d1550c7e281577f [diff] [blame]
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index fa09a4e..4123ff9 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst

@@ -118,6 +118,7 @@
       - CVE-2019-12316 `OJSI-25 <https://jira.onap.org/browse/OJSI-25>`_ - SQL Injection in APPC
       - `OJSI-29 <https://jira.onap.org/browse/OJSI-29>`_ - Unsecured Swagger UI Interface in AAPC
       - CVE-2019-12124 `OJSI-63 <https://jira.onap.org/browse/OJSI-63>`_ - APPC exposes Jolokia Interface which allows to read and overwrite any arbitrary file
+      - `OJSI-95 <https://jira.onap.org/browse/OJSI-95>`_ - appc-cdt allows to impersonate any user by setting USER_ID
 
 *Known Vulnerabilities in Used Modules*
commit	9efc5e6ea56013249cb7d9746fa0b21916e79549	[log] [tgz]
author	Krzysztof Opasiak <k.opasiak@samsung.com>	Wed Jun 05 23:31:54 2019 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	Wed Jun 05 23:31:54 2019 +0200
tree	d296e393e71dc22aae25de723478ee29c1a4fcd8
parent	f989a9e9a9d17a56e3d1322b9d1550c7e281577f [diff] [blame]