CVE Vulnerabilities

CVE-2020-14388

Published: Jun 02, 2021 | Modified: Jul 25, 2022

CVSS 3.x

6.3

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS 2.x

6.5 MEDIUM

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-14388
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an APIs admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission.

Affected Software

Name	Vendor	Start Version	End Version
3scale_api_management	Redhat	2.0 (including)	2.0 (including)

References

https://bugzilla.redhat.com/show_bug.cgi?id=1875553

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.