PT-2019-15889 · Ros2 · Sros 2

Mikaelarguedas +2 · Published 2019-12-06 · Updated 2019-12-13 · CVE-2019-19625

CVSS v3.1: 7.5 High

Vector: AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N

Name of the Vulnerable Software and Affected Versions

SROS 2 version 0.8.1

Description

The issue is a leaky default configuration, as indicated in the policy/defaults/dds/governance.xml document, which causes SROS 2 to leak node information. SROS 2 provides tools for generating and distributing keys for Robot Operating System 2 (ROS 2) and uses the underlying DDS security plugins of ROS 2.

Recommendations

For SROS 2 version 0.8.1, review and adjust the configuration settings in the policy/defaults/dds/governance.xml document to prevent node information leaks. Consider modifying the default configuration to enhance security and restrict unnecessary information disclosure.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2019-19625

Affected Products

Sros 2