BIT-apisix-2020-13945

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apisix/BIT-apisix-2020-13945.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-apisix-2020-13945

Aliases

CVE-2020-13945

Published

2024-03-06T10:51:26.305Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2020-13945

Affected packages

Bitnami / apisix

Package

Name: apisix
Purl: pkg:bitnami/apisix

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.2.0

Fixed

1.5.1