CVE-2023-28640

🗓️ 27 Mar 2023 21:12:15Reported by GitHub_MType

Apiman API Management platform allows unauthorized access to API keys

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2023-28640	27 Mar 202321:15	–	nvd
Veracode	Information Disclosure	4 Apr 202308:05	–	veracode
OSV	Apiman vulnerable to permissions bypass due to missing check on API key URL	27 Mar 202322:17	–	osv
OSV	CVE-2023-28640	27 Mar 202321:15	–	osv
Cvelist	CVE-2023-28640 Permissions bypass in Apiman could enable authenticated attacker to unpermitted API Key	27 Mar 202320:46	–	cvelist
Prion	Design/Logic Flaw	27 Mar 202321:15	–	prion
Github Security Blog	Apiman vulnerable to permissions bypass due to missing check on API key URL	27 Mar 202322:17	–	github

Nvd

Vulners

Node

apiman apimanMatch3.0.0-

[
  {
    "vendor": "apiman",
    "product": "apiman",
    "versions": [
      {
        "version": "< 3.1.0.Final",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/apiman/apiman/security/advisories/GHSA-m6f8-hjrv-mw5f
apiman	www.apiman.io/blog/potential-permissions-bypass-disclosure/

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

27 Mar 2023 21:15Current

4.5Medium risk

Vulners AI Score4.5

CVSS33.1 - 6.4

EPSS0.001