Lucene search
ApacheCVELIST:CVE-2020-13945HistoryDec 07, 2020 - 7:04 p.m.
CVE-2020-13945
2020-12-0719:04:52
apache
www.cve.org
9
apache apisix
admin api
ip restrictions
cve-2020-13945
data management
EPSS
0.009
Percentile
83.0%
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
CNA Affected
[
{
"product": "Apache APISIX",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
}
]
}
]Related
osv
osv
BIT-apisix-2020-13945
2024-03-06 10:51:26
CVE-2020-13945
2020-12-07 20:15:12
nuclei
nuclei
Apache APISIX - Insufficiently Protected Credentials
2022-01-16 16:38:55
cve
cve
CVE-2020-13945
2020-12-07 20:15:12
nvd
nvd
CVE-2020-13945
2020-12-07 20:15:12
nessus
nessus
Apache APISIX 1.2 <= 1.5 Information Disclosure
2022-04-20 00:00:00
prion
prion
Design/Logic Flaw
2020-12-07 20:15:00
githubexploit
githubexploit
Exploit for CVE-2020-13945
2022-05-09 12:26:11
zdt
zdt
Apache APISIX Remote Code Execution Exploit
2022-03-07 00:00:00
packetstorm
packetstorm
Apache APISIX Remote Code Execution
2022-03-07 00:00:00
metasploit
metasploit
APISIX Admin API default access token RCE
2022-02-28 17:09:18