var-202202-0171
Vulnerability from variot
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. Apache APISIX Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. The vulnerability stems from the fact that the batch-requests plugin of the product does not effectively limit the user's batch requests
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202202-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "apisix",
"scope": "lt",
"trust": 1.6,
"vendor": "apache",
"version": "2.10.4"
},
{
"model": "apisix",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "2.11.0"
},
{
"model": "apisix",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "2.12.1"
},
{
"model": "apisix",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "apisix",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "apisix",
"scope": "gte",
"trust": 0.6,
"vendor": "apache",
"version": "2.11.0,\u003c2.12.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.12.1",
"versionStartIncluding": "2.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.10.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ven3xy",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
],
"trust": 0.6
},
"cve": "CVE-2022-24112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2022-24112",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-12799",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-24112",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-24112",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-12799",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202202-1030",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2022-24112",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX\u0027s data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. Apache APISIX Exists in spoofing authentication evasion vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. The vulnerability stems from the fact that the batch-requests plugin of the product does not effectively limit the user\u0027s batch requests",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-24112",
"trust": 3.9
},
{
"db": "PACKETSTORM",
"id": "166328",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "166228",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2022/02/11/3",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-12799",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022021408",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030040",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2022030068",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "50829",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-24112",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"id": "VAR-202202-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
}
]
},
"last_update_date": "2023-12-18T12:49:23.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "apisix/batch-requests\u00a0plugin\u00a0allows\u00a0overwriting\u00a0the\u00a0X-REAL-IP\u00a0header",
"trust": 0.8,
"url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94"
},
{
"title": "Patch for Apache Apisix Remote Code Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/321071"
},
{
"title": "Apache APISIX Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181993"
},
{
"title": "CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/udyz/cve-2022-24112 "
},
{
"title": "CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/mah1ndra/cve-2022-24112 "
},
{
"title": "Apache-APISIX-CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/m4xsec/apache-apisix-cve-2022-24112 "
},
{
"title": "cve-2022-24112",
"trust": 0.1,
"url": "https://github.com/twseptian/cve-2022-24112 "
},
{
"title": "CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/shakeman8/cve-2022-24112 "
},
{
"title": "CVE-2022-244112",
"trust": 0.1,
"url": "https://github.com/mah1ndra/cve-2022-244112 "
},
{
"title": "CVE-2022-24112-POC",
"trust": 0.1,
"url": "https://github.com/kavishkagihan/cve-2022-24112-poc "
},
{
"title": "CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/mr-xn/cve-2022-24112 "
},
{
"title": "CVE-2022-24112",
"trust": 0.1,
"url": "https://github.com/axx8/cve-2022-24112 "
},
{
"title": "Apache-APISIX-dashboard-RCE",
"trust": 0.1,
"url": "https://github.com/greetdawn/apache-apisix-dashboard-rce "
},
{
"title": "FrameVul",
"trust": 0.1,
"url": "https://github.com/awrrays/framevul "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/soosmile/poc "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/166228/apache-apisix-remote-code-execution.html"
},
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/166328/apache-apisix-2.12.1-remote-code-execution.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-24112"
},
{
"trust": 1.7,
"url": "https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2022/02/11/3"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/50829"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022021408"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2022030068"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/290.html"
},
{
"trust": 0.1,
"url": "https://github.com/udyz/cve-2022-24112"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"date": "2022-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"date": "2023-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"date": "2022-02-11T13:15:08.073000",
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"date": "2022-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-12799"
},
{
"date": "2022-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2022-24112"
},
{
"date": "2023-06-05T09:23:00",
"db": "JVNDB",
"id": "JVNDB-2022-005565"
},
{
"date": "2022-05-11T14:58:01.343000",
"db": "NVD",
"id": "CVE-2022-24112"
},
{
"date": "2022-03-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0APISIX\u00a0 Spoofing authentication evasion vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-005565"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202202-1030"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.