漏洞描述
Apache APISIX 是一个高性能全动态的云原生API 网关,该网关存在未授权访问接口,攻击者无需登录 Apache APISIX Dashboard即可访问某些接口,从而进行未授权更改或获取 Apache APISIX Route、Upstream、Service 等相关配置信息,并造成SSRF、攻击者搭建恶意流量代理和任意代码执行等问题。
Apache APISIX Dashboard 未授权访问漏洞(CVE-2021-45232)
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-13945: Apache APISIX - Insufficiently Protected Credentials
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-24112: Apache APISIX - Remote Code Execution
- POC CVE-2020-13945: Apache APISIX 默认密钥漏洞
- POC CVE-2021-45232: Apache APISIX Dashboard <2.10.1 - API Unauthorized Access
- POC CVE-2022-24112: Apache APISIX apisix/batch-requests RCE
- POC apisix-default-login: Apache Apisix Default Admin Login
- POC apisix-default-login: Apache Apisix Admin - Default Login
- Apache APISIX 默认token远程代码执行漏洞
- Apache APISIX 默认token远程代码执行漏洞
- Apache APISIX 环境问题漏洞
- Apache APISIX Dashboard CVE-2021-45232 未授权访问漏洞
- Apache APISIX Dashboard CVE-2021-45232 未授权访问漏洞