Lucene search
Veracode Vulnerability DatabaseVERACODE:29147HistoryJan 27, 2021 - 4:23 a.m.
Authorization Bypass
2021-01-2704:23:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.003 Low
EPSS
Percentile
69.6%
github.com/apache/trafficcontrol is vulnerable to authorization bypass. The vulnerability exists through the mid tier cache where ip_allow.config files can include permissions to push or remove arbitrary content into the CDN cache servers.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/apache/trafficcontrol | le | RELEASE-4.1.0 | |
| github.com/apache/trafficcontrol | le | RELEASE-3.1.0 |
References
github.com/apache/trafficcontrol/commit/817a702a9de6169c86e30cd70304af380a8e9dc6
lists.apache.org/thread.html/r3c675031ac220b5eae64a9c84a03ee60045c6045738607dca4a96cb8@%3Ccommits.trafficcontrol.apache.org%3E
lists.apache.org/thread.html/r3de212a3da73bcf98fa2db7eafb75b2eb8e131ff466e6efc4284df09%40%3Cdev.trafficcontrol.apache.org%3E
lists.apache.org/thread.html/rc8bfd7d4f71d61e9193efcd4699eccbab3c202ec1d75ed9d502f08bf@%3Ccommits.trafficcontrol.apache.org%3E
Related
cve
cve
CVE-2020-17522
2021-01-26 18:15:40
nvd
nvd
CVE-2020-17522
2021-01-26 18:15:40
github
github
Cache Manipulation Attack in Apache Traffic Control
2021-06-18 22:04:32
gitlab
gitlab
Incorrect Permission Assignment for Critical Resource
2021-01-26 00:00:00
Incorrect Permission Assignment for Critical Resource
2021-12-16 00:00:00
osv
osv
Cache Manipulation Attack in Apache Traffic Control
2021-06-18 22:04:32
CVE-2020-17522
2021-01-26 18:15:40
cvelist
cvelist
CVE-2020-17522
2021-01-26 12:42:07
prion
prion
Code injection
2021-01-26 18:15:00