2 matches found
Apiman vulnerable to permissions bypass due to missing check on API key URL
Impact: Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted...
io.fabric8.apps:apiman (>=2.2.9.1 <=2.2.19), io.fabric8.apps:distro (>=2.2.7 <=2.2.19) +6 more potentially affected by CVE-2022-36437 via io.apiman:apiman-gateway-platforms-vertx (=1.1.3.CR1)
io.apiman:apiman-gateway-platforms-vertx MAVEN version =1.1.3.CR1 is affected by a known vulnerability. The following packages have a transitive dependency on io.apiman:apiman-gateway-platforms-vertx and may be impacted: - io.fabric8.apps:apiman =2.2.9.1, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.1.2,...