What is the severity of CVE-2021-33190?

CVE-2021-33190 has a medium severity rating due to its potential to allow unauthorized access.

How do I fix CVE-2021-33190?

To fix CVE-2021-33190, update Apache APISIX Dashboard to version 2.7 or later.

What is the impact of CVE-2021-33190?

The impact of CVE-2021-33190 includes the ability for unauthorized users to access the system if IP restrictions are misconfigured.

Which versions of Apache APISIX Dashboard are affected by CVE-2021-33190?

CVE-2021-33190 affects Apache APISIX Dashboard version 2.6.

What mitigation strategies can be applied for CVE-2021-33190?

Mitigation for CVE-2021-33190 includes reviewing and tightening IP access controls and updating to a secure version.

Vulnerability/
CVE-2021-33190

medium

5.3

CWE

307

8/6/2021

3/8/2024

CVE-2021-33190: Bypass network access control

First published: Tue Jun 08 2021(Updated: )

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1

Credit: security@apache.org

Affected Software	Affected Version	How to fix
Apache APISIX Dashboard	=2.6

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-33190?
CVE-2021-33190 has a medium severity rating due to its potential to allow unauthorized access.
How do I fix CVE-2021-33190?
To fix CVE-2021-33190, update Apache APISIX Dashboard to version 2.7 or later.
What is the impact of CVE-2021-33190?
The impact of CVE-2021-33190 includes the ability for unauthorized users to access the system if IP restrictions are misconfigured.
Which versions of Apache APISIX Dashboard are affected by CVE-2021-33190?
CVE-2021-33190 affects Apache APISIX Dashboard version 2.6.
What mitigation strategies can be applied for CVE-2021-33190?
Mitigation for CVE-2021-33190 includes reviewing and tightening IP access controls and updating to a secure version.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/title
agent/last-modified-date
agent/references
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/source
vendor/apache
canonical/apache apisix dashboard
version/apache apisix dashboard/2.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Frequently Asked Questions

What is the severity of CVE-2021-33190?
CVE-2021-33190 has a medium severity rating due to its potential to allow unauthorized access.
How do I fix CVE-2021-33190?
To fix CVE-2021-33190, update Apache APISIX Dashboard to version 2.7 or later.
What is the impact of CVE-2021-33190?
The impact of CVE-2021-33190 includes the ability for unauthorized users to access the system if IP restrictions are misconfigured.
Which versions of Apache APISIX Dashboard are affected by CVE-2021-33190?
CVE-2021-33190 affects Apache APISIX Dashboard version 2.6.
What mitigation strategies can be applied for CVE-2021-33190?
Mitigation for CVE-2021-33190 includes reviewing and tightening IP access controls and updating to a secure version.