7 matches found
BIT-APISIX_DASHBOARD-2021-33190 Bypass network access control
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...
Apache APISIX Dashboard < 2.10.1 Authentication Bypass
The version of Apache APISIX Dashboard installed on the remote host is prior to 2.10.1. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated, remote attacker could exploit this to bypass authentication. Note that Nessus has not tested for these issues but has...
CVE-2021-45232 security vulnerability on unauthorized access.
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...
PT-2021-6081 · Apache · Apache Apisix Dashboard
Name of the Vulnerable Software and Affected Versions: Apache APISIX Dashboard versions prior to 2.10.1 Description: The issue is related to the Manager API in Apache APISIX Dashboard, which uses two frameworks, gin and droplet. While all APIs and authentication middleware are developed based on...
Apache Apisix 访问控制错误漏洞
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...
CVE-2021-33190
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...
CVE-2021-33190 Bypass network access control
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...