CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 34.2%
github.com/dapr/dapr is vulnerable to Authentication Bypass. The library allows API token authentication to be bypassed, which enables an attacker to send unauthorized HTTP requests via the Dapr sidecar. Only users who rely on this authentication method are impacted.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | github.com/dapr/dapr | le | v1.10.8 |
| | github.com/dapr/dapr | le | v1.11.1 |
docs.dapr.io/operations/security/api-token/
github.com/advisories/GHSA-59m6-82qm-vqgj
github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a
github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae
github.com/dapr/dapr/pull/6710
github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj