CVE-2022-24112
Apache APISIX Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
10Exploited in Wild
YesDecision
Descriptions
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
Un atacante puede abusar del plugin batch-requests para enviar peticiones para omitir la restricción de IP de la API de administración. Una configuración por defecto de Apache APISIX (con la clave API por defecto) es vulnerable a una ejecución de código remota. Cuando ha sido cambiada la clave de administración o ha sido cambiado el puerto de la API de administración a un puerto diferente al del panel de datos, el impacto es menor. Pero todavía se presenta el riesgo de omitir la restricción de IP del panel de datos de Apache APISIX. Se presenta una comprobación en el plugin de peticiones por lotes que anula la IP del cliente con su IP remota real. Pero debido a un error en el código, esta comprobación puede ser omitida
Apache APISIX version 2.12.1 suffers from a remote code execution vulnerability.
Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-01-28 CVE Reserved
- 2022-02-11 CVE Published
- 2022-02-22 First Exploit
- 2022-08-25 Exploited in Wild
- 2022-09-15 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-10-27 EPSS Updated
CWE
- CWE-290: Authentication Bypass by Spoofing
CAPEC
References (15)
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94 | 2022-05-11 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Apisix Search vendor "Apache" for product "Apisix" | < 2.10.4 Search vendor "Apache" for product "Apisix" and version " < 2.10.4" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Apisix Search vendor "Apache" for product "Apisix" | >= 2.11.0 < 2.12.1 Search vendor "Apache" for product "Apisix" and version " >= 2.11.0 < 2.12.1" | - |
Affected
|