CVE-2020-13945

Description

In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5.

NVD
Severity: MEDIUM
CVE ID: CVE-2020-13945
CVSS Score: 6.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-13945

Refrence: Project Discovery GitHub

YutuSec

Apisix系列漏洞：未授权漏洞（CVE-2021-45232）、默认秘钥（CVE-2020-13945）批量探测。

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept