GHSA-54r5-wr8x-x5v3 io.apiman:apiman-manager-api-rest-impl

Package

Manager: maven
Name: io.apiman:apiman-manager-api-rest-impl
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVSS v4.0: N/A

EPSS: N/A (percentile: N/A)

Details

Duplicate Advisory: Apiman has insufficient checks for read permissions

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-j94p-hv25-rm5g. This link is maintained to preserve external references.

Original Description

Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. A malicious user may be able to find and subscribe to private APIs they do not have permission for, thus accessing API Management-protected resources they should not be allowed to access.

The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.
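The flaw class the description names (CWE-276/CWE-280: a read endpoint that matches on the query but never consults the caller's permissions, so private APIs in other organisations can be found and then subscribed to) is illustrated below. This is an added example written for this page, not Apiman's code: the in-memory catalogue, the Api and Caller types, the "apiView" permission name and the org/public visibility rule are all assumptions made for the illustration. The hardened search applies the read rule to every hit, the subscribe path re-checks visibility instead of trusting the search, and it returns the same error for "not found" and "not permitted" so the endpoint cannot be used as an existence oracle for private API names.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass(frozen=True)
class Api:
    org: str
    name: str
    public: bool  # public APIs may be listed and subscribed to by anyone


@dataclass
class Caller:
    user: str
    # org -> permission names held in that org (assumed model, not Apiman's)
    perms: Dict[str, Set[str]] = field(default_factory=dict)

    def can(self, perm: str, org: str) -> bool:
        return perm in self.perms.get(org, set())


# Constructed sample catalogue for the example.
CATALOGUE: List[Api] = [
    Api("acme", "payments", public=False),
    Api("acme", "status", public=True),
    Api("globex", "payments-internal", public=False),
]


class NotVisible(LookupError):
    """Raised for both 'no such API' and 'caller may not read it' (no oracle)."""


def visible(caller: Caller, api: Api) -> bool:
    """Read rule (assumed): public, or the caller holds apiView in the API's org."""
    return api.public or caller.can("apiView", api.org)


def search_vulnerable(caller: Caller, query: str) -> List[Api]:
    """Filters on the query only; the caller is never consulted (CWE-280)."""
    return [a for a in CATALOGUE if query in a.name]


def search_fixed(caller: Caller, query: str) -> List[Api]:
    """Same search, but every hit is passed through the read rule."""
    return [a for a in CATALOGUE if query in a.name and visible(caller, a)]


def subscribe_fixed(caller: Caller, org: str, name: str) -> Api:
    """Subscribe re-checks visibility itself; it does not rely on search
    having filtered, and it answers 'not found' and 'forbidden' identically."""
    for a in CATALOGUE:
        if a.org == org and a.name == name and visible(caller, a):
            return a
    raise NotVisible(f"no such API: {org}/{name}")


def leaked(caller: Caller, query: str) -> List[Api]:
    """Audit helper: hits the vulnerable search exposes beyond the read rule."""
    return [a for a in search_vulnerable(caller, query) if not visible(caller, a)]


if __name__ == "__main__":
    mallory = Caller("mallory", {"globex": {"apiView"}})
    print("leaked to mallory:", [f"{a.org}/{a.name}" for a in leaked(mallory, "payments")])
    try:
        subscribe_fixed(mallory, "acme", "payments")
    except NotVisible as e:
        print("fixed subscribe refused:", e)
```

Run as a script it reports that the unfixed search leaks acme/payments to a caller whose only permission is in globex, and that the hardened subscribe path refuses the same API. The point to carry over to a real deployment is that each endpoint that can return or act on a resource must apply the read rule itself; filtering only the listing leaves subscribe-by-name reachable.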

Metadata

Created: 2022-12-20T00:30:27Z
Modified: 2024-10-07T21:00:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-54r5-wr8x-x5v3/GHSA-54r5-wr8x-x5v3.json
CWE IDs: ["CWE-276", "CWE-280"]
Alternative ID: N/A
Finding: N/A
Auto approve: 0