Unauthorized Access via Malformed Basic Authentication in APICast
CVE-2024-10295

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat 3scale Api Management Platform 2
Vendor: CVE Published:; 24 October 2024

Summary

A vulnerability exists in Red Hat's Gateway impacting its ability to authenticate requests correctly. When a non-base64 encoded basic authentication header contains special characters, the APICast service fails to carry out the necessary authentication checks due to an oversight in the base64 decoding process. This flaw enables unauthorized users to access backend systems by circumventing standard authentication mechanisms, exposing critical resources to potential threats.

References

https://access.redhat.com/security/cve/CVE-2024-10295

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2321258

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 24, 2024
Vulnerability Reserved
Oct 23, 2024