Lucene search
ApacheCVELIST:CVE-2021-33190HistoryJun 08, 2021 - 3:05 p.m.
CVE-2021-33190 Bypass network access control
2021-06-0815:05:11
CWE-307
apache
www.cve.org
4
apache apisix dashboard
network access control
bypass
security risks
fix
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1
CNA Affected
[
{
"product": "Apache APISIX Dashboard",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache APISIX Dashboard 2.6 2.6"
}
]
}
]Related
osv
osv
BIT-apisix_dashboard-2021-33190
2024-03-06 10:50:45
CVE-2021-33190
2021-06-08 15:15:08
cnvd
cnvd
Apache APISIX Access Control Error Vulnerability
2021-06-11 00:00:00
nessus
nessus
Apache APISIX Dashboard 2.6 < 2.6.1 Authentication Bypass
2022-06-09 00:00:00
nvd
nvd
CVE-2021-33190
2021-06-08 15:15:08
prion
prion
Default credentials
2021-06-08 15:15:00
cve
cve
CVE-2021-33190
2021-06-08 15:15:08