BIT-apisix_dashboard-2021-33190

Import Source
https://github.com/bitnami/vulndb/tree/main/data/apisix_dashboard/BIT-apisix_dashboard-2021-33190.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apisix_dashboard-2021-33190
Aliases
Published
2024-03-06T10:50:45.482Z
Modified
2025-05-20T10:02:07.006Z
Summary
Bypass network access control
Details

In Apache APISIX Dashboard version 2.6, the default value of the listen host was changed to 0.0.0.0 to make it easier for users to configure external network access. In the IP allow-list restriction, a risky function was used to obtain the client IP, which made it possible to bypass the network limit. At the same time, the default account and password are fixed. Together, these factors lead to a security risk. This issue is fixed in APISIX Dashboard 2.6.1.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:apisix_dashboard:2.6:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / apisix_dashboard

Package

Name
apisix_dashboard
Purl
pkg:bitnami/apisix_dashboard

Severity

  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected ranges

Type
SEMVER
Events
Introduced
2.6.0
Fixed
2.6.1