Vulnerability Information
Vulnerability Title
kgateway is missing xDS authorization
Vulnerability Description
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Missing Authorization
Vulnerability Title
kgateway security vulnerability
Vulnerability Description
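kgateway is a cloud-native API gateway and AI gateway open-sourced by kgateway-dev. kgateway versions 2.0.4 and earlier and versions 2.1.0-agw-cel-rbac through 2.1.0-rc.2 contain a security vulnerability that stems from a lack of authentication and may allow unauthorized clients to obtain sensitive configuration data.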
CVSS Information
N/A
Vulnerability Type
N/A