3scale's API docs URL is accessible without credentials. An attacker could use this flaw to view sensitive information or modify service APIs.