{"id":"CVE-2024-46943","details":"An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.","aliases":["GHSA-46hr-3cq3-mcgp"],"modified":"2026-03-12T10:38:56.453561Z","published":"2024-09-15T23:15:11.100Z","references":[{"type":"ADVISORY","url":"https://docs.opendaylight.org/en/latest/release-notes/projects/aaa.html"},{"type":"REPORT","url":"https://lf-opendaylight.atlassian.net/browse/AAA-285"},{"type":"ARTICLE","url":"https://doi.org/10.48550/arXiv.2408.16940"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.19.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46943.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}