Apache APISIX
The Apache APISIX openid-connect plugin, versions 0.7 through 3.15.0, exposes sensitive authentication tokens when it talks to the identity provider: the ssl_verify parameter defaults to false, so the provider's TLS certificate is never validated and an attacker positioned on the network path can present a forged certificate, complete the handshake and read the credentials in transit (a man-in-the-middle). CVSS 7.5 (High): network vector, no authentication required, confidentiality impact. EPSS is minimal (0.01%, 2nd percentile) and the issue is absent from CISA KEV, so there is no evidence of active exploitation despite the high CVSS score; the practical fix is to set ssl_verify to true explicitly in every openid-connect plugin instance.
Apache APISIX 2.99.0 through 3.15.0 sends log data to Tencent Cloud CLS over plain HTTP when the tencent-cloud-cls logger is used, so anyone able to observe the traffic can read the exported log contents without authenticating. Vendor-released patch: version 3.16.0. The attack is unauthenticated and low-complexity (passive interception is enough), but EPSS (0.01%) indicates a low real-world exploitation probability and no active targeting has been reported.
Header injection vulnerability in the Apache APISIX forward-auth plugin: an attacker can take advantage of certain plugin configurations to inject malicious headers. This issue affects Apache APISIX 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue.
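The two cleartext-exposure issues above are both detectable from the gateway's own route configuration. The following is an added example (not APISIX project code) that audits a dump of the Admin API route list offline: it flags openid-connect instances whose ssl_verify is unset or false (and any http:// discovery URL), and flags tencent-cloud-cls usage on an affected version. The route JSON is a constructed sample shaped like a `GET /apisix/admin/routes` response; the route ids, URIs and client credentials in it are placeholders.

```python
"""Offline audit of APISIX route configs for the openid-connect ssl_verify
default and the tencent-cloud-cls cleartext log export (added example)."""
import json

# Version ranges taken from the advisories above.
CLS_AFFECTED_LOW = (2, 99, 0)
CLS_AFFECTED_HIGH = (3, 15, 0)
CLS_FIXED = (3, 16, 0)


def parse_version(v: str) -> tuple:
    """'3.15.0' -> (3, 15, 0); a leading 'v' is tolerated."""
    return tuple(int(p) for p in v.strip().lstrip("v").split("."))


def audit_route(route_value: dict, apisix_version: str) -> list:
    """Return (route_id, plugin, message) findings for one route."""
    findings = []
    rid = route_value.get("id", "?")
    plugins = route_value.get("plugins", {}) or {}

    oidc = plugins.get("openid-connect")
    if oidc is not None:
        # Advisory: ssl_verify defaults to false, so an absent key is as bad as false.
        if oidc.get("ssl_verify", False) is not True:
            findings.append((rid, "openid-connect",
                             "ssl_verify unset or false: IdP certificate not validated (MITM exposure)"))
        if str(oidc.get("discovery", "")).lower().startswith("http://"):
            findings.append((rid, "openid-connect",
                             "discovery URL uses plain http://; tokens would cross the wire in cleartext"))

    if "tencent-cloud-cls" in plugins:
        ver = parse_version(apisix_version)
        if CLS_AFFECTED_LOW <= ver <= CLS_AFFECTED_HIGH:
            findings.append((rid, "tencent-cloud-cls",
                             "logs exported over plain HTTP on this version; upgrade to 3.16.0"))
    return findings


def audit(admin_routes: dict, apisix_version: str) -> list:
    """Walk an Admin API route listing ({"list": [{"value": {...}}, ...]})."""
    out = []
    for item in admin_routes.get("list", []):
        out.extend(audit_route(item.get("value", {}), apisix_version))
    return out


# Constructed sample: weak route, hardened route, and a CLS logging route.
SAMPLE_ROUTES = json.loads("""
{"total": 3, "list": [
  {"key": "/apisix/routes/1", "value": {"id": "1", "uri": "/api/*",
     "plugins": {"openid-connect": {"client_id": "placeholder",
        "client_secret": "placeholder",
        "discovery": "https://idp.example/.well-known/openid-configuration"}}}},
  {"key": "/apisix/routes/2", "value": {"id": "2", "uri": "/admin/*",
     "plugins": {"openid-connect": {"client_id": "placeholder",
        "client_secret": "placeholder", "ssl_verify": true,
        "discovery": "https://idp.example/.well-known/openid-configuration"}}}},
  {"key": "/apisix/routes/3", "value": {"id": "3", "uri": "/logged/*",
     "plugins": {"tencent-cloud-cls": {"cls_host": "ap-guangzhou.cls.tencentyun.com",
        "cls_topic": "placeholder", "secret_id": "placeholder",
        "secret_key": "placeholder"}}}}
]}
""")

if __name__ == "__main__":
    for rid, plugin, msg in audit(SAMPLE_ROUTES, "3.15.0"):
        print(f"route {rid} [{plugin}]: {msg}")
```

Route 2 is the hardened form of route 1: the only difference is an explicit `"ssl_verify": true`. Running against a live gateway means replacing SAMPLE_ROUTES with the Admin API output; global_rules and plugin_configs can also carry these plugins and would need the same walk.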