Описание
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
A flaw was found in 3scale's API docs, where it does not validate the access token. In the case of an invalid token, it uses session auth instead. This issue possibly bypasses access controls and permits unauthorized information disclosure.
Дополнительная информация
Статус:
6.3 Medium
CVSS3
Связанные уязвимости
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
6.3 Medium
CVSS3