PT-2024-7496 · Red Hat · Red Hat 3Scale Api Management
Published
2024-10-23
·
Updated
2025-06-18
·
CVE-2024-10295
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Red Hat 3scale API Management (affected versions not specified)
Description:
A flaw in the authentication mechanism of Red Hat 3scale API Management allows unauthorized access to the backend. This occurs when a non-base64 'basic' auth with special characters is sent, causing the APICast to incorrectly authenticate the request. The issue is due to a failure in the base64 decoding process, which skips the rest of the authentication checks and proceeds with routing the request upstream. A malformed basic authentication header containing special characters can bypass authentication.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat 3Scale Api Management