io.apiman:apiman-manager-api-rest-impl@2.2.0.Final vulnerabilities

  • latest version

    3.1.3.Final

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    1 year ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the io.apiman:apiman-manager-api-rest-impl package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Information Exposure

    Affected versions of this package are vulnerable to Information Exposure due to a missing permissions check, which allows attackers with an authenticated Apiman Manager account to gain access to API keys they do not have permission for, if they correctly guess the URL. The URL includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource, and each of these can have arbitrary values. While not trivial to exploit, it could be achieved by brute-forcing or guessing common names.

    Note: This issue does not affect the Apiman Gateway.

    How to fix Information Exposure?

    Upgrade io.apiman:apiman-manager-api-rest-impl to version 3.1.1.Final or higher.

    Vulnerable versions: [0,3.1.1.Final)
    • M
    Incorrect Default Permissions

    Affected versions of this package are vulnerable to Incorrect Default Permissions which allows unauthorized users to access information on organizations to which they do not belong.

    How to fix Incorrect Default Permissions?

    Upgrade io.apiman:apiman-manager-api-rest-impl to version 3.0.0.Final or higher.

    Vulnerable versions: [1.5.7.Final,3.0.0.Final)