Description

The Kong Gateway provides API for accessing various information and configuring it. Acunetix determined that it was possible to access this API without authentication.

Remediation

Restrict access to the Kong Gateway API interface

Related Vulnerabilities

Jenkins Git Plugin missing permission check (CVE-2022-36883)

Unicode Transformation (Best-Fit Mapping)

Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-3562)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-1686)

Severity

High

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Tags

Configuration