
Apache APISIX Dashboard <2.10.1 - API Unauthorized Access CVE-2021-45232

Severity (CVSSv3 score): 9.8
Vulnerability description

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: it introduces the `droplet` framework on top of the `gin` framework. All APIs and the authentication middleware are developed on `droplet`, but some APIs use the `gin` interface directly, so requests to those endpoints never pass through the `droplet` authentication middleware and authentication is bypassed.


Recommendation

Upgrade to release 2.10.1 or later. Alternatively, change the default username and password, and restrict which source IPs are allowed to reach the Apache APISIX Dashboard.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Dec 27, 2021
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available