Izanami is vulnerable to Authorization Bypass

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

使用候选路径或通道进行的认证绕过

Izanami 信任管理问题漏洞

Izanami是一个共享配置、功能翻转和 A/B 测试服务器，非常适合微服务架构实现。 Izanami 1.11.0之前版本存在安全漏洞，该漏洞源于当使用官方Docker镜像部署时，攻击者可以绕过此应用程序中的身份验证。

N/A

N/A