Vulnerability: Apache APISIX - Insufficiently Protected Credentials

Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.

Impact

The vulnerability could result in unauthorized access to sensitive information, leading to potential data breaches or unauthorized actions.

Severity

medium

Verified

Unknown