When using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
Created shiro tracking bugs for this issue:
Affects: fedora-all [bug 1829282]
Whilst the OpenDaylight version that is included in Red Hat OpenStack Platform includes the affected code, the vulnerable function is not used and therefore not exploitable.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):