CVE-2020-13945

MEDIUM6.5EPSS 93.4%

發布日:2024/3/6修改日:2025/4/3

也稱為:BIT-apisix-2020-13945

描述

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

受影響套件(1)

Bitnami/apisix>= 1.2.0, < 1.5.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(3)

WEBhttp://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html
WEBhttps://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-13945