GHSA-54r5-wr8x-x5v3

Published: 20 Dec 2022
Source: github
GitHub: Reviewed
CVSS3: 7.1

Description

Duplicate Advisory: Apiman has insufficient checks for read permissions

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-j94p-hv25-rm5g. This link is maintained to preserve external references.

Original Description

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A malicious user may be able to find and subscribe to private APIs they do not have permission for, thus accessing API Management-protected resources they should not be allowed to access. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.

Packages

Name: io.apiman:apiman-manager-api-rest-impl (maven)
Affected versions: >= 1.5.7, <= 2.2.3.Final
Fixed version: 3.0.0.Final

CVSS3: 7.1 High

Weaknesses

CWE-276
CWE-280