Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
kgateway is missing xDS authorization
Vulnerability Description
kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend service information, routing rules, and cluster metadata. This issue is solved in versions 2.0.5 and 2.1.0.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
kgateway 安全漏洞
Vulnerability Description
kgateway是kgateway-dev开源的一个云原生API网关和人工智能网关。 kgateway 2.0.4及之前版本和2.1.0-agw-cel-rbac至2.1.0-rc.2版本存在安全漏洞,该漏洞源于缺乏身份验证,可能导致未经授权的客户端获取敏感配置数据。
CVSS Information
N/A
Vulnerability Type
N/A