Main Vulnerability Database Exploits ID:8338 - Exploit for Improper Authentication in Apache APISIX - CVE-2021-45232

ID:8338 - Exploit for Improper Authentication in Apache APISIX - CVE-2021-45232

Published: September 4, 2022

Vulnerability identifier: #VU59095

Vulnerability risk: High

CVE-ID: CVE-2021-45232

CWE-ID: CWE-287

Exploitation vector: Remote access

Vulnerable software:
Apache APISIX

Link to public exploit:

https://github.com/dskho/CVE-2021-45232

Vulnerability description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in the Manager API. A remote attacker can bypass authentication process and gain unauthorized access to the application via certain API endpoints, that use directly "gin" framework instead of "droplet" framework.

Remediation

Install updates from vendor's website.

ID:8338 - Exploit for Improper Authentication in Apache APISIX - CVE-2021-45232

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human