Metrics
Affected Vendors & Products
Fri, 08 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
ssvc
|
Tue, 05 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
threat_severity
|
threat_severity
|
Mon, 04 Nov 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 24 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 | |
Metrics |
ssvc
|
Thu, 24 Oct 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue can occur due to a failure in the base64 decoding process, which causes APICast to skip the rest of the authentication checks and proceed with routing the request upstream. |
Title | Gateway: APICast Basic Auth Bypass via Malformed Base64 HeadersSending non-base64 'basic' auth with special characters causes APICast to incorrectly authenticate a request | Gateway: apicast basic auth bypass via malformed base64 headerssending non-base64 'basic' auth with special characters causes apicast to incorrectly authenticate a request |
First Time appeared |
Redhat
Redhat red Hat 3scale Amp |
|
CPEs | cpe:/a:redhat:red_hat_3scale_amp:2 | |
Vendors & Products |
Redhat
Redhat red Hat 3scale Amp |
|
References |
|
Thu, 24 Oct 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | Gateway: APICast Basic Auth Bypass via Malformed Base64 Headers | Gateway: APICast Basic Auth Bypass via Malformed Base64 HeadersSending non-base64 'basic' auth with special characters causes APICast to incorrectly authenticate a request |
Wed, 23 Oct 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | Gateway: APICast Basic Auth Bypass via Malformed Base64 Headers | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published: 2024-10-24T17:55:10.314Z
Updated: 2024-11-24T21:11:35.328Z
Reserved: 2024-10-23T10:27:35.174Z
Link: CVE-2024-10295
Updated: 2024-10-24T18:21:53.937Z
Status : Awaiting Analysis
Published: 2024-10-24T18:15:05.597
Modified: 2024-11-12T21:15:10.657
Link: CVE-2024-10295