Lucene search
GoogleOSV:CVE-2021-33190HistoryJun 08, 2021 - 3:15 p.m.
CVE-2021-33190
2021-06-0815:15:08
Google
osv.dev
10
cve-2021-33190
apache apisix dashboard
external network access
ip allowed list
security risks
fixed issue
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1
Related
osv
osv
BIT-apisix_dashboard-2021-33190
2024-03-06 10:50:45
cnvd
cnvd
Apache APISIX Access Control Error Vulnerability
2021-06-11 00:00:00
nessus
nessus
Apache APISIX Dashboard 2.6 < 2.6.1 Authentication Bypass
2022-06-09 00:00:00
nvd
nvd
CVE-2021-33190
2021-06-08 15:15:08
prion
prion
Default credentials
2021-06-08 15:15:00
cvelist
cvelist
CVE-2021-33190 Bypass network access control
2021-06-08 15:05:11
cve
cve
CVE-2021-33190
2021-06-08 15:15:08