CVE-2020-13945

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:02

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry
References () https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E - Mailing List, Patch, Vendor Advisory () https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E - Mailing List, Patch, Vendor Advisory

19 Apr 2022, 15:43

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - (MISC) http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry

10 Mar 2022, 17:41

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html -

Information

Published : 2020-12-07 20:15

Updated : 2024-11-21 05:02


NVD link : CVE-2020-13945

Mitre link : CVE-2020-13945

CVE.ORG link : CVE-2020-13945


JSON object : View

Products Affected

apache

  • apisix