Back to bug 2004322
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Chess Hazlett | 2021-09-15 02:08:29 UTC | CC | security-response-team | |
| Chess Hazlett | 2021-09-15 02:11:22 UTC | Blocks | 2004324 | |
| Marian Rehak | 2021-09-17 15:16:34 UTC | Alias | | CVE-2021-3814 |
| Marian Rehak | 2021-09-17 15:16:34 UTC | Summary | EMBARGOED 3scale: missing validation of access token | EMBARGOED CVE-2021-3814 3scale: missing validation of access token |
| Marian Rehak | 2021-09-17 15:27:49 UTC | Blocks | 2005421 | |
| Chess Hazlett | 2021-09-22 19:33:40 UTC | Group | qe_staff, security | |
| Chess Hazlett | 2021-09-22 19:33:40 UTC | Summary | EMBARGOED CVE-2021-3814 3scale: missing validation of access token | CVE-2021-3814 3scale: missing validation of access token |
| Marian Rehak | 2022-03-25 08:57:49 UTC | Fixed In Version | 3scale 2.11 | |
| Marian Rehak | 2022-03-25 09:22:56 UTC | Doc Text | | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. |
| RaTasha Tillery-Smith | 2022-03-25 13:27:54 UTC | Doc Text | It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure. | A flaw was found in 3scale's API docs, where it does not validate the access token. In the case of an invalid token, it uses session auth instead. This issue possibly bypasses access controls and permits unauthorized information disclosure. |
| Red Hat Bugzilla | 2023-05-15 18:09:13 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-07-07 08:28:45 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2023-07-07 08:28:45 UTC | Assignee | security-response-team | nobody |