Bug 1954805 (CVE-2021-3523)
| Summary: | CVE-2021-3523 apicast: permits auth bypass with connection reuse | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Chess Hazlett <chazlett> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | amackenz, amasferr, chazlett, drieden, mkudlej, security-response-team, tjochec |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 3scale-apicast 2.11.0 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in 3Scale APICast, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-04-26 22:45:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1954779, 1955261 | ||
|
Description
Chess Hazlett
2021-04-28 19:13:59 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3523 |