What is CVE-2020-25634?

CVE-2020-25634 is a medium-severity vulnerability in Redhat 3scale, classified under Improper Access Control. CVSS score: 5.4/10. Published 2021-05-26.

How severe is CVE-2020-25634?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Is CVE-2020-25634 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Redhat 3scale

CVE-2020-25634

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.

EPSS: 0.005 (39.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.

Affected products

Redhat 3scale — versions 2.10.0
Redhat 3scale_api_management — versions 2.0
N/a 3scale-system — versions before 3scale-2.10.0-ER1

Weakness classification (CWE)

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-25634

References

secalert@redhat.com (x_refsource_MISC, Issue Tracking, Vendor Advisory)

Frequently asked questions

What is CVE-2020-25634?: CVE-2020-25634 is a medium-severity vulnerability in Redhat 3scale, classified under Improper Access Control. CVSS score: 5.4/10. Published 2021-05-26.
How severe is CVE-2020-25634?: Medium severity. CVSS v3 base score is 5.4 out of 10.
Is CVE-2020-25634 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.