First published: Thu Sep 17 2020
3scale's API docs URL is accessible without credentials. An attacker could use this flaw to view sensitive information or modify service APIs.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/3scale | <2.10.0 | 2.10.0 |
Redhat 3scale | <2.10.0 | |
Redhat 3scale | =2.10.0 | |
Redhat 3scale Api Management | =2.0 | |
CVE-2020-25634 is a vulnerability found in Red Hat 3scale’s API docs URL, allowing unauthorized access and potential information disclosure or API modification.
CVE-2020-25634 affects Red Hat 3scale by allowing access to the API docs URL without credentials.
CVE-2020-25634 has a severity rating of medium, with a CVSS score of 5.4.
Versions before 3scale-2.10.0-ER1 are affected by CVE-2020-25634.
To fix CVE-2020-25634, upgrade to version 3scale-2.10.0-ER1 or later.