cnvd - cnvd-2022-62078

cnvd-2022-62078

Vulnerability from cnvd

Title: Apache APISIX访问控制错误漏洞

Description:

Apache Apisix是美国阿帕奇（Apache）基金会的一个云原生的微服务API网关服务。该软件基于 OpenResty 和 etcd 来实现，具备动态路由和插件热加载，适合微服务体系下的 API 管理。

APISIX Dashboard在2.6版本中存在安全漏洞，该漏洞源于在IP允许列表限制中，使用了一个风险函数来获取IP，攻击者可能利用该漏洞绕过网络限制。

Severity: 中

Patch Name: Apache APISIX访问控制错误漏洞的补丁

Patch Description:

APISIX Dashboard在2.6版本中存在安全漏洞，该漏洞源于在IP允许列表限制中，使用了一个风险函数来获取IP，攻击者可能利用该漏洞绕过网络限制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-33190

Impacted products

Name
Apache Apache APISIX 2.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-33190",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-33190"
    }
  },
  "description": "Apache Apisix\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e91\u539f\u751f\u7684\u5fae\u670d\u52a1API\u7f51\u5173\u670d\u52a1\u3002\u8be5\u8f6f\u4ef6\u57fa\u4e8e OpenResty \u548c etcd \u6765\u5b9e\u73b0\uff0c\u5177\u5907\u52a8\u6001\u8def\u7531\u548c\u63d2\u4ef6\u70ed\u52a0\u8f7d\uff0c\u9002\u5408\u5fae\u670d\u52a1\u4f53\u7cfb\u4e0b\u7684 API \u7ba1\u7406\u3002\n\nAPISIX Dashboard\u57282.6\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728IP\u5141\u8bb8\u5217\u8868\u9650\u5236\u4e2d\uff0c\u4f7f\u7528\u4e86\u4e00\u4e2a\u98ce\u9669\u51fd\u6570\u6765\u83b7\u53d6IP\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u7f51\u7edc\u9650\u5236\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-62078",
  "openTime": "2022-09-07",
  "patchDescription": "Apache Apisix\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u4e2a\u4e91\u539f\u751f\u7684\u5fae\u670d\u52a1API\u7f51\u5173\u670d\u52a1\u3002\u8be5\u8f6f\u4ef6\u57fa\u4e8e OpenResty \u548c etcd \u6765\u5b9e\u73b0\uff0c\u5177\u5907\u52a8\u6001\u8def\u7531\u548c\u63d2\u4ef6\u70ed\u52a0\u8f7d\uff0c\u9002\u5408\u5fae\u670d\u52a1\u4f53\u7cfb\u4e0b\u7684 API \u7ba1\u7406\u3002\r\n\r\nAPISIX Dashboard\u57282.6\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728IP\u5141\u8bb8\u5217\u8868\u9650\u5236\u4e2d\uff0c\u4f7f\u7528\u4e86\u4e00\u4e2a\u98ce\u9669\u51fd\u6570\u6765\u83b7\u53d6IP\uff0c\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u7f51\u7edc\u9650\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache APISIX\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache APISIX 2.6"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-33190",
  "serverity": "\u4e2d",
  "submitTime": "2021-06-11",
  "title": "Apache APISIX\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2021-33190 (GCVE-0-2021-33190)

Vulnerability from cvelistv5

Published

2021-06-08 15:05

Modified

2024-08-03 23:42

Severity ?

CWE

CWE-307 - Improper Restriction of Excessive Authentication Attempts

Summary

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1

References

▼	URL	Tags
	https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E	x_refsource_MISC
	https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/06/08/4	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache APISIX Dashboard	Version: Apache APISIX Dashboard 2.6 2.6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:20.273Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E"
          },
          {
            "name": "[apisix-dev] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/08/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache APISIX Dashboard",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache APISIX Dashboard 2.6 2.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "important"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-307",
              "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-08T17:06:25",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E"
        },
        {
          "name": "[apisix-dev] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/08/4"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bypass network access control",
      "workarounds": [
        {
          "lang": "en",
          "value": "1. Change the account password after installation, do not use the default password.\n2. Upgrade to 2.6.1 or newer.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-33190",
          "STATE": "PUBLIC",
          "TITLE": "Bypass network access control"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache APISIX Dashboard",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Apache APISIX Dashboard 2.6",
                            "version_value": "2.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "important"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-307 Improper Restriction of Excessive Authentication Attempts"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049%40%3Cdev.apisix.apache.org%3E"
            },
            {
              "name": "[apisix-dev] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re736aea55e8fd2478f0739c0c38a9375c4204fc1f0bd1ea687f57049@%3Cdev.apisix.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210608 CVE-2021-33190: Apache APISIX Dashboard: Bypass network access control",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/08/4"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "1. Change the account password after installation, do not use the default password.\n2. Upgrade to 2.6.1 or newer.\n\n"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-33190",
    "datePublished": "2021-06-08T15:05:11",
    "dateReserved": "2021-05-19T00:00:00",
    "dateUpdated": "2024-08-03T23:42:20.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted