CVE-2020-35215

MEDIUM

Atomix - Exposure to Wrong Actor

Title source: rule

Description

An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.

References (1)

[Third Party Advisory] https://docs.google.com/presentation/d/1pRRLfdSUqUZ688CZ9e9AyceuXPGp9oyGj7j4bdSsBcw/edit?usp=sharing

Scores

CVSS v3 6.5

EPSS 0.0029

EPSS Percentile 51.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (2)

atomix/atomix

io.atomix/atomix Maven

Timeline

Published Dec 16, 2021

Tracked Since Feb 18, 2026