CVE-2020-13945

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13945
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13945.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-13945
Aliases
Published
2020-12-07T20:15:12Z
Modified
2024-05-29T22:41:40Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

References

Affected packages

Git / github.com/apache/apisix

Affected ranges

Type
GIT
Repo
https://github.com/apache/apisix
Events