CNVD (China National Vulnerability Database): CNVD-2022-62078
History: Jun 11, 2021 - 12:00 a.m.

Apache APISIX Access Control Error Vulnerability

2021-06-11 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
apache apisix
microservices
api gateway
security vulnerability
ip restriction
network bypass
version 2.6
dashboard

EPSS

0.002

Percentile

58.7%

Apache APISIX is a cloud-native microservices API gateway from the Apache Foundation. It is built on OpenResty and etcd and offers dynamic routing and plugin hot-loading, which makes it suitable for API management in a microservices architecture. APISIX Dashboard version 2.6 has a security vulnerability: the IP Allowed List restriction uses a risky function to obtain an IP address, which an attacker could exploit to bypass network restrictions.
