It was found that 3scale's APIdocs does not validate the access token; when the token is invalid, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2004322 | Issue Tracking, Vendor Advisory |
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-03-25T18:02:50
Updated: 2022-03-25T18:02:50
Reserved: 2021-09-17T00:00:00
Link: CVE-2021-3814
NVD Information
Status: Analyzed
Published: 2022-03-25T19:15:09.187
Modified: 2022-04-07T12:22:20.073
Link: CVE-2021-3814