Lucene search
+L

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:10 p.m.9 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.5CVSS6.7AI score0.72976EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2022/04/20 12:0 a.m.37 views

Apache APISIX 1.2 <= 1.5 Information Disclosure

The version of Apache APISIX installed on the remote host is 1.2 prior to or equal to 1.5. It is, therefore, affected by an information disclosure vulnerability. An authenticated, remote attacker could exploit this to access Apache APISIX management data. Note that Nessus has not tested for these...

6.5CVSS7.2AI score0.72976EPSS
Exploits5References2
Metasploit
Metasploit
added 2022/03/07 5:42 p.m.658 views

APISIX Admin API default access token RCE

Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...

9.8CVSS8.4AI score0.96182EPSS
Exploits18
Packet Storm
Packet Storm
added 2022/03/07 12:0 a.m.710 views

Apache APISIX Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...

9.8CVSS0.96182EPSS
Exploits18
Circl
Circl
added 2020/12/07 10:30 p.m.11 views

CVE-2020-13945

creationtimestamp| type| source ---|---|--- 2020-12-07 22:30:20+00:00| seen| https://t.me/cibsecurity/17209 2022-03-07 15:23:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apacheapisixapidefaulttokenrce.rb 2023-12-18 01:40:59+00:00| seen|...

6.5CVSS6.9AI score0.72976EPSS
Exploits5References4
NVD
NVD
added 2020/12/07 8:15 p.m.34 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.5CVSS6.4AI score0.72976EPSS
Exploits5References2
OSV
OSV
added 2020/12/07 8:15 p.m.26 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.5CVSS6.7AI score
Exploits0References2
CVE
CVE
added 2020/12/07 7:4 p.m.127 views

CVE-2020-13945

Apache APISIX 1.2–1.5 are vulnerable when the Admin API is enabled and Admin API access IP restriction rules are removed, allowing the default token to access APISIX management data. The root cause is insufficient protection of credentials leading to unauthorized access. Impact is unauthorized ac...

6.5CVSS6.5AI score0.72976EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2020/12/07 7:4 p.m.41 views

CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...

6.3AI score0.72976EPSS
Exploits5References2
Rows per page
Query Builder