PT-2020-13796 · Apache · Apache Apisix

Published: 2020-12-07 · Updated: 2025-12-30 · CVE-2020-13945

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 1.2 through 1.5

Description: The issue arises when the Admin API is enabled and the Admin API access IP restriction rules have been deleted in Apache APISIX. In that state, the default token can be used to access APISIX management data.

Recommendations: For versions 1.2 through 1.5, restrict access to the Admin API by reconfiguring the IP restriction rules so that management data cannot be reached without authorization. As a temporary workaround, consider disabling the Admin API until a more secure configuration can be implemented. Restrict the use of the default token to minimize the risk of exploitation.
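As an added illustration (not part of this advisory and not the file shipped by the APISIX project), the weak state described above beside the restricted configuration the recommendations call for, written against the `apisix.enable_admin`, `apisix.allow_admin` and `apisix.admin_key` keys of an APISIX 1.x conf/config.yaml; the subnet and key values are placeholders.

```yaml
# Added illustration, not the project's own config. Keys follow APISIX 1.x conf/config.yaml.
# Three separate variants are shown, separated by YAML document markers.

# Variant 1 (weak): the Admin API is on, the allow-list entries have been removed,
# and the admin key shipped by default is still in place. With no allow_admin
# entries, no source-IP restriction applies to Admin API requests, which is the
# condition the advisory describes.
apisix:
  enable_admin: true
  # allow_admin:                      # deleted: no IP restriction rules remain
  admin_key:
    - name: "admin"
      key: <DEFAULT_KEY_SHIPPED_WITH_APISIX>   # placeholder for the unchanged default token
      role: admin

---
# Variant 2 (restricted, the recommended fix): restore an allow-list limited to
# the hosts that administer the gateway and replace the default token with a
# long random secret generated by you.
apisix:
  enable_admin: true
  allow_admin:
    - 127.0.0.0/24                    # local management only
    - 10.0.5.0/24                     # placeholder: your operations subnet
  admin_key:
    - name: "admin"
      key: <LONG_RANDOM_SECRET_GENERATED_BY_YOU>   # placeholder: never the shipped default
      role: admin

---
# Variant 3 (temporary workaround from the advisory): switch the Admin API off
# entirely until the restricted configuration in variant 2 can be rolled out.
apisix:
  enable_admin: false
```

After reloading with variant 2, confirm from a host outside the listed subnets that an Admin API request is refused even when a valid key is presented; if it is served, the allow-list has not taken effect.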

Exploit

Fix

Related Identifiers

BIT-APISIX-2020-13945
CVE-2020-13945

Affected Products

Apache Apisix