In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E | Mailing List Patch Vendor Advisory |
http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E | Mailing List Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 05:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E - Mailing List, Patch, Vendor Advisory |
19 Apr 2022, 15:43
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/166228/Apache-APISIX-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
10 Mar 2022, 17:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-12-07 20:15
Updated : 2024-11-21 05:02
NVD link : CVE-2020-13945
Mitre link : CVE-2020-13945
CVE.ORG link : CVE-2020-13945
JSON object : View
Products Affected
apache
- apisix
CWE