REDHAT-BUG-1875553
First published: Thu Sep 03 2020(Updated: )
It was found that member permissions for an API's admin portal in 3scale were not properly enforced. An authenticated user could use this flaw to bypass normal account restrictions and access API services they do not have permissions for.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat 3scale |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-1875553?
The severity of REDHAT-BUG-1875553 is critical due to the potential unauthorized access to API services.
How do I fix REDHAT-BUG-1875553?
To fix REDHAT-BUG-1875553, ensure that proper member permissions are enforced in the 3scale API admin portal.
Who is affected by REDHAT-BUG-1875553?
Users of Red Hat 3scale are affected by REDHAT-BUG-1875553 if they allow inadequate permission settings on their API services.
What are the potential risks of REDHAT-BUG-1875553?
The potential risks of REDHAT-BUG-1875553 include unauthorized access to sensitive API services, leading to data breaches.
Is there any workaround for REDHAT-BUG-1875553?
As a temporary workaround for REDHAT-BUG-1875553, review and manually enforce permissions for API services until a patch is applied.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14388
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/red hat
- canonical/red hat 3scale