Apache

Apisix

25 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.33%
  • Veröffentlicht 19.06.2026 13:19:34
  • Zuletzt bearbeitet 23.06.2026 15:18:52

Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself with credentials from a different source. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. ...

  • EPSS 0.23%
  • Veröffentlicht 19.06.2026 13:18:36
  • Zuletzt bearbeitet 23.06.2026 15:20:01

Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenti...

  • EPSS 0.41%
  • Veröffentlicht 19.06.2026 13:17:23
  • Zuletzt bearbeitet 23.06.2026 15:16:35

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users a...

  • EPSS 0.3%
  • Veröffentlicht 19.06.2026 13:16:29
  • Zuletzt bearbeitet 23.06.2026 15:17:01

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0...

  • EPSS 0.36%
  • Veröffentlicht 19.06.2026 13:14:52
  • Zuletzt bearbeitet 23.06.2026 15:18:30

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-default configuration in opa plugin. This could allow the attacker to assume higher privileges on the up...

  • EPSS 0.23%
  • Veröffentlicht 19.06.2026 13:13:38
  • Zuletzt bearbeitet 23.06.2026 15:17:42

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass.  This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommen...

  • EPSS 0.3%
  • Veröffentlicht 19.06.2026 13:12:33
  • Zuletzt bearbeitet 23.06.2026 15:11:29

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. ...

  • EPSS 0.17%
  • Veröffentlicht 19.06.2026 13:11:17
  • Zuletzt bearbeitet 23.06.2026 15:11:13

Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized a...

  • EPSS 0.24%
  • Veröffentlicht 19.06.2026 13:10:04
  • Zuletzt bearbeitet 23.06.2026 15:11:58

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1...

  • EPSS 0.21%
  • Veröffentlicht 19.06.2026 13:09:01
  • Zuletzt bearbeitet 23.06.2026 15:10:22

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules. This issu...