Apache APISIX - Insufficiently Protected Credentials CVE-2020-13945

Severity
CVSSv3 Score: 6.5
Vulnerability description

Apache APISIX versions 1.2, 1.3, 1.4, and 1.5 are susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. As a result, the default token is allowed to access APISIX management data.

Recommendation

Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Dec 7, 2020
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available