CVE-2020-25634
First published: Thu Sep 17 2020(Updated: )
3scale's API docs URL is accessible without credentials. An attacker could use this flaw to view sensitive information or modify service APIs.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/3scale | <2.10.0 | 2.10.0 |
| Redhat 3scale | <2.10.0 | |
| Redhat 3scale | =2.10.0 | |
| Redhat 3scale Api Management | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-25634?
CVE-2020-25634 is a vulnerability found in Red Hat 3scale’s API docs URL, allowing unauthorized access and potential information disclosure or API modification.
How does CVE-2020-25634 affect Red Hat 3scale?
CVE-2020-25634 affects Red Hat 3scale by allowing unauthorized access to the API docs URL without the need for credentials.
What is the severity of CVE-2020-25634?
CVE-2020-25634 has a severity rating of medium, with a CVSS score of 5.4.
Which versions of Red Hat 3scale are affected by CVE-2020-25634?
Versions before 3scale-2.10.0-ER1 are affected by CVE-2020-25634.
How can I fix CVE-2020-25634?
To fix CVE-2020-25634, upgrade to version 3scale-2.10.0-ER1 or later.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-25634
- agent/software-canonical-lookup
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- vendor/redhat
- canonical/redhat 3scale
- version/redhat 3scale/2.10.0
- canonical/redhat 3scale api management
- version/redhat 3scale api management/2.0
- package-manager/redhat