Auth bypass in Apache Software Foundation Apisix Dashboard

CVE-2021-45232

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks: it introduces the framework `droplet` on top of the framework `gin`. All APIs and the authentication middleware are developed on `droplet`, but some A…

Vulnerability class: Broken Authentication

EPSS: 0.937 (99.9th percentile).

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2021-45232?
CVE-2021-45232 is a vulnerability in Apache Software Foundation Apisix Dashboard, classified under Missing Authentication for Critical Function. Published 2021-12-27.
Is CVE-2021-45232 known to be exploited?
67 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.