CVE-2020-13945: Apache APISIX's Admin API default access token vulnerability
Severity: low

Vendor: The Apache Software Foundation

Versions Affected: APISIX 1.2, 1.3, 1.4, 1.5.

Description:
When a user enables the Admin API and deletes the Admin API's IP access restriction rules, the default token can be used to access APISIX management data.

Mitigation:
Users of APISIX 1.2 ~ 1.5 should upgrade to 2.0, or apply this patch:
https://github.com/apache/apisix/pull/2244

Credit:
This issue was discovered by "国家信息安全漏洞共享平台".

--
*MembPhis*
My GitHub: https://github.com/membphis
Apache APISIX: https://github.com/apache/apisix
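
A configuration check for the condition described above, added here as an example (not code from the advisory or from the APISIX project). It assumes the Admin API settings are the `allow_admin` and `admin_key` keys under `apisix:` in conf/config.yaml, already parsed into a dict, and it uses a placeholder for the default token, which the advisory does not state.

```python
import ipaddress

# Assumption: the Admin API settings live under `apisix:` in conf/config.yaml
# as `allow_admin` (list of CIDRs) and `admin_key` (list of name/key/role).
# Placeholder: put the token(s) from your release's shipped config.yaml here.
SHIPPED_DEFAULT_KEYS = {"<default-admin-token-placeholder>"}
TRUSTED = [ipaddress.ip_network(n) for n in
           ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]


def open_sources(allow_admin):
    """Return allow_admin entries wider than loopback/RFC 1918 ranges.
    No rules at all is reported as "any", since nothing restricts the source."""
    if not allow_admin:
        return ["any"]
    wide = []
    for cidr in allow_admin:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED):
            wide.append(cidr)
    return wide


def audit_admin_api(conf):
    """Flag the combination from the advisory: no effective IP restriction
    together with an admin key that is still the shipped default."""
    apisix = conf.get("apisix") or {}
    sources = open_sources(apisix.get("allow_admin"))
    defaults = [k.get("name") for k in apisix.get("admin_key") or []
                if k.get("key") in SHIPPED_DEFAULT_KEYS]
    return {"open_sources": sources, "default_keys": defaults,
            "exposed": bool(sources and defaults)}


# Constructed sample configs (already parsed from YAML into dicts).
WEAK = {"apisix": {"admin_key": [
    {"name": "admin", "key": "<default-admin-token-placeholder>", "role": "admin"}]}}
HARDENED = {"apisix": {"allow_admin": ["127.0.0.0/24"], "admin_key": [
    {"name": "admin", "key": "constructed-rotated-token", "role": "admin"}]}}

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_admin_api(conf))
```
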
