A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
History

Fri, 08 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 05 Nov 2024 02:30:00 +0000

Type Values Removed Values Added
Metrics threat_severity

Moderate

threat_severity

Important


Mon, 04 Nov 2024 22:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 24 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 24 Oct 2024 18:00:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE. A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream.
Title Gateway: APICast Basic Auth Bypass via Malformed Base64 HeadersSending non-base64 'basic' auth with special characters causes APICast to incorrectly authenticate a request Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request
First Time appeared Redhat
Redhat red Hat 3scale Amp
CPEs cpe:/a:redhat:red_hat_3scale_amp:2
Vendors & Products Redhat
Redhat red Hat 3scale Amp
References

Thu, 24 Oct 2024 02:30:00 +0000

Type Values Removed Values Added
Title Gateway: APICast Basic Auth Bypass via Malformed Base64 Headers Gateway: APICast Basic Auth Bypass via Malformed Base64 HeadersSending non-base64 'basic' auth with special characters causes APICast to incorrectly authenticate a request

Wed, 23 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
Description No description is available for this CVE.
Title Gateway: APICast Basic Auth Bypass via Malformed Base64 Headers
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N'}

threat_severity

Moderate


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-10-24T17:55:10.314Z

Updated: 2024-11-24T21:11:35.328Z

Reserved: 2024-10-23T10:27:35.174Z

Link: CVE-2024-10295

cve-icon Vulnrichment

Updated: 2024-10-24T18:21:53.937Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-24T18:15:05.597

Modified: 2024-11-12T21:15:10.657

Link: CVE-2024-10295

cve-icon Redhat

Severity : Important

Publid Date: 2024-10-23T00:00:00Z

Links: CVE-2024-10295 - Bugzilla