Unknown · Edgexfoundry · CVE-2022-31066
**Name of the Vulnerable Software and Affected Versions**
EdgeXFoundry versions prior to 2.1.1
**Description**
The `/api/v2/config` endpoint exposes message bus credentials to local, unauthenticated users, bypassing the access controls that protect those credentials when EdgeX runs in security-enabled mode. This allows attackers to intercept data on, or inject fake data into, the EdgeX message bus.
**Recommendations**
For EdgeXFoundry versions prior to 2.1.1, upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch.
As a temporary workaround, consider restricting access to the `/api/v2/config` endpoint until a patch is available.
For the specific Go modules, Docker containers, and snaps that are affected, refer to the GitHub Security Advisory for patch information.
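As an added example (not code from the advisory or the EdgeX project), the check below parses a `/api/v2/config` response and reports any credential-bearing fields it still contains, so an operator can confirm that the workaround or the upgrade actually closed the exposure. The response layout, the `MessageQueue.Optional.Password` field name and the `check_endpoint` base URL are assumptions; the sample bodies are constructed.

```python
import json
import urllib.request
from typing import Any, Iterator

# Key fragments that mark a credential-bearing field; "password" is the one the
# advisory is about (message bus credentials), the others catch similar leaks.
SENSITIVE_KEY_FRAGMENTS = ("password", "secret", "token")


def find_sensitive_fields(obj: Any, path: str = "") -> Iterator[str]:
    """Yield the dotted path of every credential-like key with a non-empty value."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}" if path else key
            if isinstance(value, (dict, list)):
                yield from find_sensitive_fields(value, child)
            elif any(f in key.lower() for f in SENSITIVE_KEY_FRAGMENTS) and value not in ("", None):
                yield child
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            yield from find_sensitive_fields(item, f"{path}[{i}]")


def leaked_credential_paths(body: bytes) -> list[str]:
    """Parse a /api/v2/config body; an empty list means no credentials were exposed."""
    return sorted(find_sensitive_fields(json.loads(body)))


def check_endpoint(base_url: str, timeout: float = 5.0) -> list[str]:
    """Query one service's /api/v2/config without credentials (base_url is an assumption)."""
    with urllib.request.urlopen(f"{base_url.rstrip('/')}/api/v2/config", timeout=timeout) as resp:
        return leaked_credential_paths(resp.read())


# Constructed sample bodies (not real captures); the field layout is assumed.
LEAKING_BODY = json.dumps({
    "apiVersion": "v2",
    "config": {"MessageQueue": {"Host": "edgex-redis", "Port": 6379,
                                "Optional": {"Username": "svc", "Password": "EXAMPLE-ONLY"}}},
}).encode()
CLEAN_BODY = json.dumps({
    "apiVersion": "v2",
    "config": {"MessageQueue": {"Host": "edgex-redis", "Port": 6379,
                                "Optional": {"Username": "svc", "Password": ""}}},
}).encode()

if __name__ == "__main__":
    for name, body in (("leaking", LEAKING_BODY), ("clean", CLEAN_BODY)):
        print(name, leaked_credential_paths(body) or "no credentials exposed")
```

Run `check_endpoint` against each service's local listener, before and after applying the workaround, and treat any non-empty result as the exposure still being present.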