Rewterz Threat Advisory – CVE-2021-45232 – Apache APISIX Dashboard

Severity

High

Analysis Summary

CVE-2021-45232

Apache APISIX Dashboard could allow a remote attacker to bypass security restrictions because the Manager API does not validate authentication properly. By sending a specially crafted request that uses the interface of the “gin” framework, an attacker could exploit this vulnerability to bypass authentication.

Impact

  • Security Bypass

Affected Vendors

Apache

Affected Products

  • Apache APISIX Dashboard 2.10

Remediation

Upgrade to the latest version of Apache APISIX, available from the apisix-dashboard Git repository.

https://github.com/apache/apisix-dashboard