The vulnerability of the graphical interface of the Apache APISIX Dashboard cloud API gateway lies in the lack of authentication for a critical function, allowing attackers to bypass the authentication process.

🗓️ 10 Feb 2022 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

APISIX Dashboard lacks authentication for a critical function, letting attackers bypass authentication.

Reporter	Title	Published	Views	Family All 20
GithubExploit	Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard	8 Jan 202208:16	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard	28 Dec 202113:08	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard	5 Jan 202204:13	–	githubexploit
GithubExploit	Exploit for Authentication Bypass by Spoofing in Apache Apisix	22 Feb 202214:09	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Apache Apisix_Dashboard	31 Dec 202102:12	–	githubexploit
Tenable Nessus	Apache APISIX Dashboard < 2.10.1 Authentication Bypass (Direct Check)	28 Apr 202200:00	–	nessus
Tenable Nessus	Apache APISIX Dashboard < 2.10.1 Authentication Bypass	28 Apr 202200:00	–	nessus
Tenable Nessus	Apache APISIX Dashboard < 2.10.1 Authentication Bypass	14 Nov 202400:00	–	nessus
Circl	CVE-2021-45232	29 Dec 202105:57	–	circl
CNNVD	Apache Apisix 访问控制错误漏洞	27 Dec 202100:00	–	cnnvd

Vulners

Node

apache apisix_dashboardRange<2.10.1

Source	Link
lists	www.lists.apache.org/thread/979qbl6vlm8269fopfyygnxofgqyn6k5
openwall	www.openwall.com/lists/oss-security/2021/12/27/1
web	www.web.nvd.nist.gov/view/vuln/detail

10 Feb 2022 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 27.5

CVSS 39.8

EPSS0.85943

APISIX Dashboard Authentication bypass Critical function Graphical interface