Kong · Docker-Kong · CVE-2020-11710
**Name of the Vulnerable Software and Affected Versions**
docker-kong versions through 2.0.3
**Description**
An issue was discovered where the admin API port may be accessible on interfaces other than 127.0.0.1. The vendor argues that this is not a vulnerability because the CVE has an inaccurate bug scope and patch links, stating that the issue only occurs if a user decides to spin up Kong via docker-compose without following the security documentation.
**Recommendations**
For docker-kong versions through 2.0.3, follow the security documentation to protect the admin API, specifically by implementing network-layer access restrictions as documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions. Ensure that the admin API port is only accessible on the intended interface, such as 127.0.0.1.
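
One way to check a compose file for this exposure, as an added example that is not part of the original advisory or of Kong's own code: the function below audits docker-compose short-syntax `ports:` entries and returns those that publish an admin API port beyond loopback. It assumes Kong's default admin ports (8001 and 8444), which the advisory does not list, and the sample entries are constructed.

```python
import ipaddress

# Assumption: Kong's default admin API container ports (HTTP 8001, TLS 8444).
# Adjust if your deployment overrides the admin listen address.
ADMIN_PORTS = {8001, 8444}

def parse_mapping(spec):
    """Parse [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO] into
    (host_ip or None, range of container ports)."""
    spec = spec.strip().split("/", 1)[0]        # drop /tcp or /udp
    parts = spec.rsplit(":", 2)                 # split from the right, IPv6-safe
    host_ip = parts[0].strip("[]") if len(parts) == 3 else None
    lo, _, hi = parts[-1].partition("-")        # container port or port range
    return host_ip, range(int(lo), int(hi or lo) + 1)

def is_exposed(spec):
    """True if the entry publishes an admin port on a non-loopback interface."""
    host_ip, container_ports = parse_mapping(spec)
    if not ADMIN_PORTS.intersection(container_ports):
        return False
    if host_ip is None:
        return True   # no host IP: Docker publishes on all interfaces
    try:
        return not ipaddress.ip_address(host_ip).is_loopback
    except ValueError:
        return True   # unresolved variable or hostname: flag for manual review

def audit(port_entries):
    """Return the entries that publish the admin API beyond loopback."""
    return [p for p in port_entries if is_exposed(p)]

# Constructed sample: the `ports:` list of a hypothetical kong service.
SAMPLE_PORTS = [
    "8000:8000/tcp",             # proxy port, out of scope for this check
    "8443:8443/tcp",             # proxy TLS port, out of scope
    "8001:8001/tcp",             # admin API on all interfaces
    "127.0.0.1:8444:8444/tcp",   # admin API bound to loopback only
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_PORTS):
        print(f"admin API published beyond loopback: {entry}")
```

An entry bound to a non-loopback address you chose deliberately is still reported, so treat the output as a list to review against the interface you intended.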