Description
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.11.0 (exclusive)
cpe:2.3:a:redhat:3scale:*:*:*:*:*:*:*:*
EPSS: 0.00263 (percentile: 49%, low)
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-862
Related vulnerabilities
CVSS3: 6.3
redhat
more than 4 years ago
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
CVSS3: 7.5
github
almost 4 years ago
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.