CVE-2021-3814

high

Description

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid token, it uses session auth instead. This conceivably bypasses access controls and permits unauthorized information disclosure.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2004322

Details

Source: Mitre, NVD

Published: 2022-03-25

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.00109

Detections

Analytics