10 matches found
BIT-APISIX_DASHBOARD-2021-33190 Bypass network access control
In Apache APISIX Dashboard version 2.6, the default listen host was changed to 0.0.0.0 to make it easier for users to configure external network access. The IP allow-list restriction obtained the client IP with a risky function, which made it possible to bypass the network limi...
Apache APISIX Dashboard < 2.10.1 Authentication Bypass
The version of Apache APISIX Dashboard installed on the remote host is prior to 2.10.1. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated, remote attacker could exploit this to bypass authentication. Note that Nessus has not tested for these issues but has...
CVE-2021-45232
In Apache APISIX Dashboard before version 2.10.1, the Manager API is implemented using two frameworks (gin and the droplet-based framework) with all APIs and authentication middleware built on droplet, while some APIs directly call gin interfaces, bypassing authentication. This leads to an authen...
CVE-2021-45232 security vulnerability: unauthorized access.
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks, adding the droplet framework on top of gin. All APIs and the authentication middleware are built on droplet, but some APIs use gin's interface directly, thus bypassing th...
Apache APISIX access control error vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Software Foundation. The software is built on OpenResty and etcd, supports dynamic routing and plugin hot-loading, and is suited to API management in microservice systems. An authorization issue...
PT-2021-6081 · Apache · Apache Apisix Dashboard
Name of the Vulnerable Software and Affected Versions: Apache APISIX Dashboard versions prior to 2.10.1 Description: The issue is related to the Manager API in Apache APISIX Dashboard, which uses two frameworks, gin and droplet. While all APIs and authentication middleware are developed based on...
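The gap described in the CVE-2021-45232 entries above (authentication middleware attached at one framework's registration layer, while handlers registered through the other layer never pass through it) can be reproduced with the Go standard library alone. The following is an added illustration and not code from the APISIX Dashboard project: the two registration paths, the route names and the token value are constructed for this example, and the remedy shown (wrapping the whole router in the middleware so that every handler is authenticated regardless of how it was registered) is the general fix for this class of bug, not a description of the project's exact patch.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// validToken is a constructed sample credential for this example only.
const validToken = "example-token"

// authMiddleware models the Manager API's authentication middleware: any
// handler not wrapped in it is reachable without credentials.
func authMiddleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != validToken {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func okHandler(w http.ResponseWriter, r *http.Request) {
	w.WriteHeader(http.StatusOK)
}

// Hypothetical route names used only for this illustration.
const (
	wrappedRoute = "/example/wrapped" // registered through the layer that applies auth
	directRoute  = "/example/direct"  // registered directly on the underlying router
)

// buildVulnerable models the pre-2.10.1 layout: one registration path wraps
// each handler in auth, but a second path puts handlers on the bare router,
// where the middleware is never consulted.
func buildVulnerable() http.Handler {
	mux := http.NewServeMux()
	mux.Handle(wrappedRoute, authMiddleware(http.HandlerFunc(okHandler)))
	mux.HandleFunc(directRoute, okHandler) // the bypass: no auth wrapper
	return mux
}

// buildFixed applies the middleware once, at the outermost layer, so the
// registration path of an individual handler no longer decides whether it
// is authenticated.
func buildFixed() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc(wrappedRoute, okHandler)
	mux.HandleFunc(directRoute, okHandler)
	return authMiddleware(mux)
}

// status issues an in-memory request and returns the HTTP status code.
func status(h http.Handler, path, token string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if token != "" {
		req.Header.Set("Authorization", token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// unauthenticatedRoutes is the check to run against a server with more than
// one registration path: every known route is requested without credentials
// and any that answers 200 is reported.
func unauthenticatedRoutes(h http.Handler, routes []string) []string {
	var exposed []string
	for _, route := range routes {
		if status(h, route, "") == http.StatusOK {
			exposed = append(exposed, route)
		}
	}
	return exposed
}

func main() {
	routes := []string{wrappedRoute, directRoute}
	fmt.Println("vulnerable layout, reachable without auth:", unauthenticatedRoutes(buildVulnerable(), routes))
	fmt.Println("fixed layout, reachable without auth:     ", unauthenticatedRoutes(buildFixed(), routes))
}
```

The audit function is the practical takeaway: when a code base registers handlers through more than one layer, enumerate the routes and request each one without credentials, rather than trusting that the middleware list covers them.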
CVE-2021-33190
In Apache APISIX Dashboard version 2.6, the default listen host was changed to 0.0.0.0 to make it easier for users to configure external network access. The IP allow-list restriction obtained the client IP with a risky function, which made it possible to bypass the network limi...
CVE-2021-33190 Bypass network access control
In Apache APISIX Dashboard version 2.6, the default listen host was changed to 0.0.0.0 to make it easier for users to configure external network access. The IP allow-list restriction obtained the client IP with a risky function, which made it possible to bypass the network limi...
CVE-2021-33190
CVE-2021-33190 – APISIX Dashboard 2.6 : The issue arises from using a risky IP acquisition function in the IP Allowed List, enabling bypass of network access restrictions when listen_host defaults to 0.0.0.0. This is fixed in APISIX Dashboard 2.6.1. Some sources also note an authentication bypass...
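The CVE-2021-33190 entries above say only that the allow-list check used a "risky function" to obtain the client IP. The usual form of that mistake is reading the address from a client-controlled header such as X-Forwarded-For instead of from the TCP peer address; the following is an added example of that pattern beside its hardened form, not code from the APISIX Dashboard project, and the assumption that header trust was the specific risk is mine, since the entries do not name the function. The allow-list, peer address and spoofed header value are all constructed for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// clientIPFromHeaders is the risky pattern (assumed, not confirmed by the
// advisory text): it believes X-Forwarded-For / X-Real-IP, which any client
// can set, so the allow-list decides on an attacker-chosen address.
func clientIPFromHeaders(r *http.Request) string {
	if xff := r.Header.Get("X-Forwarded-For"); xff != "" {
		return strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	if xr := r.Header.Get("X-Real-IP"); xr != "" {
		return strings.TrimSpace(xr)
	}
	return clientIPFromConn(r)
}

// clientIPFromConn uses the peer address of the TCP connection, which the
// client cannot forge.
func clientIPFromConn(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

type allowList []*net.IPNet

func parseAllowList(cidrs []string) (allowList, error) {
	var a allowList
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, err
		}
		a = append(a, n)
	}
	return a, nil
}

func (a allowList) contains(ipStr string) bool {
	ip := net.ParseIP(ipStr)
	if ip == nil {
		return false
	}
	for _, n := range a {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// allowListMiddleware rejects requests whose client IP, as determined by
// ipOf, is outside the allow-list.
func allowListMiddleware(a allowList, ipOf func(*http.Request) string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !a.contains(ipOf(r)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a constructed in-memory request from the given peer address,
// optionally carrying a spoofed X-Forwarded-For header, through a loopback-only
// allow-list and returns the status code.
func probe(ipOf func(*http.Request) string, remoteAddr, spoofedXFF string) int {
	a, err := parseAllowList([]string{"127.0.0.0/8"}) // constructed allow-list
	if err != nil {
		panic(err)
	}
	h := allowListMiddleware(a, ipOf, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.RemoteAddr = remoteAddr
	if spoofedXFF != "" {
		req.Header.Set("X-Forwarded-For", spoofedXFF)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// 203.0.113.5 is a documentation-range address standing in for an external attacker.
	fmt.Println("header-derived IP, spoofed XFF:", probe(clientIPFromHeaders, "203.0.113.5:40000", "127.0.0.1"))
	fmt.Println("connection IP, spoofed XFF:    ", probe(clientIPFromConn, "203.0.113.5:40000", "127.0.0.1"))
	fmt.Println("connection IP, real loopback:  ", probe(clientIPFromConn, "127.0.0.1:40000", ""))
}
```

One caveat for deployments that legitimately sit behind a reverse proxy: there the peer address is the proxy's, and a forwarded header must be honoured, but only after checking that the connection actually came from the trusted proxy address; trusting the header unconditionally is exactly the bypass shown.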
Apache APISIX security vulnerability
Apache APISIX is a cloud-native microservices API gateway from the Apache Software Foundation. The software is built on OpenResty and etcd, supports dynamic routing and plugin hot-loading, and is suited to API management under a microservices architecture. APISIX Dashboard has a security...