CVE-2021-33190

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-33190
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33190.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-33190
Aliases
Published
2021-06-08T15:15:08Z
Modified
2025-01-14T09:16:03.067968Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1

References

Affected packages

Git / github.com/apache/apisix-dashboard

Affected ranges

Type
GIT
Repo
https://github.com/apache/apisix-dashboard
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bb7598dc4104beacc0a00dddfe9aac3a6022121d

Affected versions

0.*

0.9

1.*

1.0@vue.js
1.0_vue.js

v2.*

v2.1.1-rc1
v2.6