HIGH🇬🇧 English

CVE-2021-3814

CVSS 7.5v3.1pub. 2022-03-25upd. 2024-11-21

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Red Hat 3scale

    APP
    Redhat
    < 2.11.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-3752HIGH7.1ten sam produkt

A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the...

CVE-2021-3412HIGH7.3ten sam produkt

It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could us...

CVE-2019-14836HIGH8.8ten sam produkt

A vulnerability was found that the 3scale dev portal does not employ mechanisms for protection against login C...

CVE-2024-0560MEDIUM6.3ten sam produkt

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. When the auth_...

CVE-2020-25634MEDIUM5.4ten sam produkt

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allow...