PT-2021-11165 · Red Hat · Red Hat 3Scale

Chess Hazlett · Published 2021-05-26 · Updated 2022-10-21 · CVE-2020-25634

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat 3scale versions prior to 3scale-2.10.0-ER1
Description: A flaw was found in Red Hat 3scale’s API documentation URL, allowing access without credentials. This issue enables an attacker to view sensitive information or modify service APIs.
Recommendations: For versions prior to 3scale-2.10.0-ER1, update to version 3scale-2.10.0-ER1 or later to resolve the issue. As a temporary workaround, consider restricting access to the API documentation URL to minimize the risk of exploitation.

Fix

Improper Access Control

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-25634

Affected Products

Red Hat 3Scale