Lucene search
K

7 matches found

OSV
OSV
added 2024/03/06 10:50 a.m.15 views

BIT-APISIX_DASHBOARD-2021-33190 Bypass network access control

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.3CVSS5.1AI score0.02694EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/04/28 12:0 a.m.44 views

Apache APISIX Dashboard < 2.10.1 Authentication Bypass

The version of Apache APISIX Dashboard installed on the remote host is prior to 2.10.1. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated, remote attacker could exploit this to bypass authentication. Note that Nessus has not tested for these issues but has...

9.8CVSS8.4AI score0.85943EPSS
Exploits5References2
Cvelist
Cvelist
added 2021/12/27 3:6 p.m.19 views

CVE-2021-45232 security vulnerability on unauthorized access.

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing th...

9.8AI score0.85943EPSS
Exploits5References2
Positive Technologies
Positive Technologies
added 2021/12/27 12:0 a.m.8 views

PT-2021-6081 · Apache · Apache Apisix Dashboard

Name of the Vulnerable Software and Affected Versions: Apache APISIX Dashboard versions prior to 2.10.1 Description: The issue is related to the Manager API in Apache APISIX Dashboard, which uses two frameworks, gin and droplet. While all APIs and authentication middleware are developed based on...

9.8CVSS9.3AI score0.85943EPSS
Exploits5References18
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.24 views

Apache Apisix 访问控制错误漏洞

Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...

9.8CVSS5.7AI score0.85943EPSS
Exploits5References4
OSV
OSV
added 2021/06/08 3:15 p.m.20 views

CVE-2021-33190

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.3CVSS6.8AI score
Exploits0References2
Cvelist
Cvelist
added 2021/06/08 3:5 p.m.31 views

CVE-2021-33190 Bypass network access control

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limi...

5.5AI score0.02694EPSS
Exploits0References2
Rows per page
Query Builder