BIT-apisix_dashboard-2021-45232

Import Source
https://github.com/bitnami/vulndb/tree/main/data/apisix_dashboard/BIT-apisix_dashboard-2021-45232.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apisix_dashboard-2021-45232
Aliases
Published
2024-03-06T10:50:33.375Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: it introduces the droplet framework on top of the gin framework. All APIs and the authentication middleware are developed on droplet, but some APIs directly use the gin interface, thus bypassing authentication.

References

Affected packages

Bitnami / apisix_dashboard

Package

Name
apisix_dashboard
Purl
pkg:bitnami/apisix_dashboard

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.10.1