We tested this bug against OpenDaylight 12.0.5.
This bug was found by analyzing the source code of the controller using an AI coding agent (Claude).
An issue in the cluster-admin:backup-datastore component of ODL Controller v12.0.5 allows a remote attacker to perform a path traversal via a crafted request.
It is exploitable via a RESTCONF HTTP POST over the network.
Attackers can write arbitrary files to any location accessible by the ODL process.
Validate and restrict the file-path parameter to a permitted base directory and reject any path that resolves outside it.
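
One way to implement the recommended check, as an added example in Java (not code from the ODL project or from this advisory). The class name `BackupPathValidator` and its methods are hypothetical, and it assumes all backups belong under a single base directory that already exists.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;

// Added example (not ODL code): confines a caller-supplied path to one base directory.
public final class BackupPathValidator {
    private final Path baseDir;
    public BackupPathValidator(Path baseDir) throws IOException {
        // Canonical base with symlinks resolved; the directory must already exist.
        this.baseDir = baseDir.toRealPath();
    }
    /** Returns the confined absolute target, or throws if it would leave baseDir. */
    public Path resolve(String filePath) throws IOException {
        final Path requested;
        try {
            requested = Paths.get(filePath == null ? "" : filePath);
        } catch (InvalidPathException e) {
            throw new SecurityException("file-path is malformed", e);
        }
        if (requested.isAbsolute()) {
            throw new SecurityException("file-path must be relative");
        }
        // Collapse "." and ".."; startsWith compares name elements, not string prefixes.
        Path candidate = baseDir.resolve(requested).normalize();
        if (candidate.equals(baseDir) || !candidate.startsWith(baseDir)) {
            throw new SecurityException("file-path resolves outside the base directory");
        }
        // Resolve symlinks in the existing parent so a link inside baseDir cannot redirect the write.
        Path realParent = candidate.getParent().toRealPath();
        if (!realParent.startsWith(baseDir)) {
            throw new SecurityException("file-path resolves outside the base directory");
        }
        return realParent.resolve(candidate.getFileName());
    }
    public static void main(String[] args) throws IOException {
        BackupPathValidator v = new BackupPathValidator(Files.createTempDirectory("odl-backup"));
        // Constructed sample inputs.
        for (String p : new String[] {"snapshot.bin", "a/../snapshot.bin", "../outside.bin", "/tmp/abs.bin", ""}) {
            try {
                System.out.println("accepted: " + p + " -> " + v.resolve(p));
            } catch (SecurityException | IOException e) {
                System.out.println("rejected: " + p + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Opening the returned path with `StandardOpenOption.CREATE_NEW` additionally prevents overwriting an existing file or following a symlink at the final path component.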