CVE-2021-3814
HIGH
3scale < 2.11.0 - Missing Authorization in APIdocs Token Validation
Title source: llm
Description
It was found that 3scale's APIdocs does not validate the access token; in the case of an invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2004322
Scores
CVSS v3
7.5
EPSS
0.0026
EPSS Percentile
49.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (1)
redhat/3scale
< 2.11.0
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026