CVE-2020-13945

Summary

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache APISIX1.2affected
Apache Software FoundationApache APISIX1.3affected
Apache Software FoundationApache APISIX1.4affected
Apache Software FoundationApache APISIX1.5affected

Weaknesses

  • Admin API default access token vulnerability

ADP Enrichment

CVE Program Container

Additional References

References