BIT-apisix_dashboard-2021-45232

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/apisix_dashboard/BIT-apisix_dashboard-2021-45232.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-apisix_dashboard-2021-45232

Aliases

CVE-2021-45232

Published

2024-03-06T10:50:33.375Z

Modified

2025-04-03T14:40:37.652Z

Summary

[none]

Details

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet on the basis of framework gin, all APIs and authentication middleware are developed based on framework droplet, but some API directly use the interface of framework gin thus bypassing the authentication.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}

References

Affected packages

Bitnami / apisix_dashboard

Package

Name: apisix_dashboard
Purl: pkg:bitnami/apisix_dashboard

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.1