Document OJSI-94 vulnerability Issue-ID: OJSI-94 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com> Change-Id: Ica867e5fd81a08c758751cd06ab45b833ac97e74

commit: be1e1600f0a7103e538aae660ce611151ca63702 [log] [tgz]
author: Krzysztof Opasiak <k.opasiak@samsung.com> Wed Jun 05 02:11:48 2019 +0200
committer: Krzysztof Opasiak <k.opasiak@samsung.com> Wed Jun 05 02:11:48 2019 +0200
tree: e5a72086440d8ce5551c608e2b453b8539f9a83e
parent: 340253b90fb6c0eb0bab8d5c1c8d2375c8dc48ec [diff]
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 52dcb21..dafdf3c 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst

@@ -108,6 +108,7 @@
 -  CVE-2019-12118 [`OJSI-79 <https://jira.onap.org/browse/OJSI-79>`__\ ] - demo-sdc-sdc-wfd-be exposes JDWP on port 7001 which allows for arbitrary code execution
 -  CVE-2019-12119 [`OJSI-80 <https://jira.onap.org/browse/OJSI-80>`__\ ] - demo-sdc-sdc-wfd-fe exposes JDWP on port 7000 which allows for arbitrary code execution
 -  [`OJSI-90 <https://jira.onap.org/browse/OJSI-90>`__\ ] - SDC exposes unprotected API for user creation
+-  [`OJSI-94 <https://jira.onap.org/browse/OJSI-94>`__\ ] - sdc-wfd-fe allows to impersonate any user by setting USER_ID
 
 *Known Vulnerabilities in Used Modules*
commit	be1e1600f0a7103e538aae660ce611151ca63702	[log] [tgz]
author	Krzysztof Opasiak <k.opasiak@samsung.com>	Wed Jun 05 02:11:48 2019 +0200
committer	Krzysztof Opasiak <k.opasiak@samsung.com>	Wed Jun 05 02:11:48 2019 +0200
tree	e5a72086440d8ce5551c608e2b453b8539f9a83e
parent	340253b90fb6c0eb0bab8d5c1c8d2375c8dc48ec [diff]