First published: Wed Sep 15 2021(Updated: )
It was found that 3scale's APIdocs does not validate the access token in the case of invalid token; instead it uses session auth. This conceivably bypasses access controls and permits viewing unauthorized information.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat 3scale | <2.11.0 | |
redhat/3scale | <2.11 | 2.11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-3814 is a vulnerability found in 3scale's APIdocs that allows unauthorized information disclosure due to the lack of access token validation.
CVE-2021-3814 affects Red Hat 3scale versions up to and excluding 2.11.0.
CVE-2021-3814 has a severity rating of 7.5 (high).
Unauthorized access can be achieved through CVE-2021-3814 by bypassing access controls and using session authentication instead of validating the access token.
Yes, a fix is available for CVE-2021-3814 in Red Hat 3scale version 2.11.