CVE-2020-25634

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-25634

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25634.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-25634

Published

2021-05-26T21:15:08.070Z

Modified

2026-03-14T01:39:17.941899Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1880201

Affected packages

Git / github.com/3scale/apicast

Affected ranges

Type

GIT

Repo

https://github.com/3scale/apicast

Events

Introduced

Last affected

bb459e2f01eb14330a01a8476210d925d53c7002

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.0"
        }
    ]
}

Affected versions

v0.*

v0.1

v0.2

Other

v2.*

v2.0.0

v2.0.0-alpha1

v2.0.0-beta1

v2.0.0-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25634.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "2.10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.10.0-NA"
            }
        ]
    }
]