WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
References
Link | Resource |
---|---|
https://docs.wso2.com/display/Security/Security+Advisories | Vendor Advisory |
https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process | Vendor Advisory |
https://github.com/wso2/docs-apim/issues/816 | Third Party Advisory |
https://github.com/wso2/product-apim/issues/7677 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-05-20 12:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-13226
Mitre link : CVE-2020-13226
CVE.ORG link : CVE-2020-13226
JSON object : View
Products Affected
wso2
- api_manager
CWE
CWE-918
Server-Side Request Forgery (SSRF)