CVE-2020-25634
MEDIUM
Red Hat 3scale < 2.10.0 - Unauthenticated Sensitive Information Exposure via API Docs URL
Title source: llm
Description
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This flaw allows an attacker to view sensitive information or modify service APIs. Versions before 3scale-2.10.0-ER1 are affected.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1880201
Scores
CVSS v3
5.4
EPSS
0.0011
EPSS Percentile
28.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-284
CWE-306
Status
published
Products (3)
redhat/3scale
2.10.0
redhat/3scale
< 2.10.0
redhat/3scale_api_management
2.0
Published
May 26, 2021
Tracked Since
Feb 18, 2026