PT-2022-2354 · Juniper Networks · Juniper Networks Contrail Service Orchestration

Published: 2022-01-12 · Updated: 2022-01-25 · CVE-2022-22152

CVSS v3.1: 7.7 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Juniper Networks Contrail Service Orchestration versions prior to 6.1.0 Patch 3

Description

A Protection Mechanism Failure in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant to view confidential configuration details of another tenant on the same system. This includes obtaining information on another tenant's firewall configuration and access control policies, as well as other sensitive information. This exposure reduces the defense against malicious attacks or exploitation via additional undetermined vulnerabilities.

Recommendations

For versions prior to 6.1.0 Patch 3, update to version 6.1.0 Patch 3 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API to minimize the risk of exploitation. Avoid using the REST API to access sensitive information until the issue is resolved.

Fix

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers

BDU:2022-02663
CVE-2022-22152

Affected Products

Juniper Networks Contrail Service Orchestration