A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208.
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2018-04-19T20:00:00
Updated: 2024-11-29T15:14:44.123Z
Reserved: 2017-11-27T00:00:00
Link: CVE-2018-0269
Vulnrichment
Updated: 2024-08-05T03:21:15.269Z
NVD
Status : Modified
Published: 2018-04-19T20:29:01.580
Modified: 2024-11-21T03:37:51.050
Link: CVE-2018-0269
Redhat
No data.