MidnightBSD

Advisories for konghq

CVE-2020-11710 HIGH

An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
konghq docker-kong *
CVE-2020-36661 LOW

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-1333,

Products Affected

Vendor Product Version
konghq multipart 0.5.8-1
CVE-2021-27306 MEDIUM

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-706,

Products Affected

Vendor Product Version
konghq kong_gateway *
CVE-2023-2418 LOW

A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715.

CVSS 2.0

Severity: LOW

Problem Type: CWE-330,

Products Affected

Vendor Product Version
konghq kong 2.8.3
CVE-2023-40299

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
konghq insomnia 2023.4.0
CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat jboss_a-mq_streams -
cisco nx-os *
redhat enterprise_linux 8.0
f5 big-ip_application_visibility_and_reporting 17.1.0
golang networking *
redhat certification_for_red_hat_enterprise_linux 8.0
f5 big-ip_analytics 17.1.0
f5 nginx_plus r30
apache solr *
cisco ultra_cloud_core_-_session_management_function *
f5 big-ip_ssl_orchestrator *
redhat cryostat 2.0
f5 big-ip_access_policy_manager 17.1.0
cisco ultra_cloud_core_-_serving_gateway_function *
redhat node_healthcheck_operator -
cisco ultra_cloud_core_-_policy_control_function 2024.01.0
redhat integration_service_registry -
nodejs node.js *
microsoft windows_10_1809 *
f5 big-ip_access_policy_manager *
redhat openstack_platform 16.1
nghttp2 nghttp2 *
redhat openshift_dev_spaces -
redhat decision_manager 7.0
redhat cert-manager_operator_for_red_hat_openshift -
f5 nginx_ingress_controller *
microsoft windows_10_21h2 *
cisco unified_contact_center_enterprise_-_live_data_server *
netapp astra_control_center -
debian debian_linux 12.0
linkerd linkerd 2.14.0
akka http_server *
cisco iot_field_network_director *
cisco business_process_automation *
f5 nginx_plus *
redhat openshift_pipelines -
cisco expressway *
cisco prime_access_registrar *
kazu-yamamoto http2 *
f5 big-ip_ssl_orchestrator 17.1.0
microsoft windows_server_2019 -
debian debian_linux 10.0
redhat openshift -
redhat enterprise_linux 6.0
redhat web_terminal -
f5 big-ip_application_security_manager *
redhat node_maintenance_operator -
dena h2o *
envoyproxy envoy 1.24.10
f5 big-ip_domain_name_system 17.1.0
cisco ios_xr *
cisco data_center_network_manager -
f5 big-ip_application_security_manager 17.1.0
redhat advanced_cluster_security 3.0
redhat openshift_container_platform 4.0
redhat logging_subsystem_for_red_hat_openshift -
f5 big-ip_webaccelerator *
cisco crosswork_data_gateway *
cisco secure_web_appliance_firmware *
f5 big-ip_fraud_protection_service *
microsoft windows_11_21h2 *
microsoft windows_server_2016 -
envoyproxy envoy 1.26.4
redhat openstack_platform 16.2
redhat migration_toolkit_for_containers -
redhat single_sign-on 7.0
microsoft visual_studio_2022 *
redhat migration_toolkit_for_virtualization -
f5 big-ip_link_controller 17.1.0
microsoft windows_server_2022 -
linecorp armeria *
facebook proxygen *
amazon opensearch_data_prepper *
redhat jboss_enterprise_application_platform 6.0.0
netty netty *
f5 big-ip_websafe 17.1.0
f5 big-ip_ddos_hybrid_defender 17.1.0
redhat advanced_cluster_security 4.0
linkerd linkerd 2.13.0
f5 big-ip_advanced_web_application_firewall 17.1.0
redhat openstack_platform 17.1
f5 big-ip_global_traffic_manager 17.1.0
f5 big-ip_local_traffic_manager 17.1.0
redhat support_for_spring_boot -
apple swiftnio_http/2 *
microsoft windows_10_22h2 *
f5 big-ip_application_visibility_and_reporting *
redhat enterprise_linux 9.0
caddyserver caddy *
redhat build_of_optaplanner 8.0
redhat service_telemetry_framework 1.5
cisco crosswork_situation_manager -
cisco unified_contact_center_enterprise -
f5 big-ip_domain_name_system *
istio istio *
cisco prime_network_registrar *
f5 big-ip_analytics *
cisco enterprise_chat_and_email -
f5 big-ip_global_traffic_manager *
cisco unified_contact_center_domain_manager -
redhat machine_deletion_remediation_operator -
cisco secure_malware_analytics *
konghq kong_gateway *
f5 nginx_plus r29
redhat integration_camel_for_spring_boot -
cisco telepresence_video_communication_server *
linkerd linkerd 2.14.1
redhat openshift_distributed_tracing -
f5 big-ip_carrier-grade_nat *
apache traffic_server *
redhat process_automation 7.0
f5 big-ip_ddos_hybrid_defender *
microsoft azure_kubernetes_service *
cisco crosswork_zero_touch_provisioning *
redhat certification_for_red_hat_enterprise_linux 9.0
microsoft windows_11_22h2 *
cisco ios_xe *
f5 big-ip_policy_enforcement_manager *
fedoraproject fedora 37
redhat openshift_service_mesh 2.0
redhat jboss_fuse 7.0.0
golang go *
redhat network_observability_operator -
cisco connected_mobile_experiences *
f5 big-ip_next 20.0.1
redhat satellite 6.0
cisco unified_attendant_console_advanced -
cisco ultra_cloud_core_-_policy_control_function *
f5 big-ip_application_acceleration_manager *
redhat service_interconnect 1.0
traefik traefik 3.0.0
fedoraproject fedora 38
cisco unified_contact_center_management_portal -
jenkins jenkins *
envoyproxy envoy 1.27.0
f5 big-ip_next_service_proxy_for_kubernetes *
varnish_cache_project varnish_cache *
f5 big-ip_application_acceleration_manager 17.1.0
redhat jboss_fuse 6.0.0
ietf http 2.0
projectcontour contour *
f5 big-ip_advanced_web_application_firewall *
traefik traefik *
redhat advanced_cluster_management_for_kubernetes 2.0
f5 big-ip_link_controller *
debian debian_linux 11.0
redhat openshift_developer_tools_and_services -
microsoft asp.net_core *
redhat jboss_core_services -
redhat jboss_data_grid 7.0.0
f5 big-ip_local_traffic_manager *
redhat quay 3.0.0
redhat openshift_virtualization 4
cisco secure_dynamic_attributes_connector *
redhat jboss_a-mq 7
redhat self_node_remediation_operator -
netapp oncommand_insight -
envoyproxy envoy 1.25.9
redhat openshift_api_for_data_protection -
cisco prime_cable_provisioning *
microsoft .net *
redhat 3scale_api_management_platform 2.0
apache tomcat 11.0.0
apache tomcat *
f5 big-ip_carrier-grade_nat 17.1.0
redhat run_once_duration_override_operator -
redhat integration_camel_k -
grpc grpc 1.57.0
linkerd linkerd *
cisco crosswork_data_gateway 5.0
microsoft cbl-mariner *
redhat migration_toolkit_for_applications 6.0
f5 big-ip_advanced_firewall_manager *
microsoft windows_10_1607 *
f5 big-ip_fraud_protection_service 17.1.0
redhat openshift_secondary_scheduler_operator -
redhat ansible_automation_platform 2.0
f5 big-ip_advanced_firewall_manager 17.1.0
redhat cost_management -
openresty openresty *
golang http2 *
f5 big-ip_webaccelerator 17.1.0
redhat openshift_gitops -
redhat build_of_quarkus -
grpc grpc *
apache apisix *
linkerd linkerd 2.13.1
f5 big-ip_websafe *
redhat fence_agents_remediation_operator -
redhat openshift_data_science -
cisco fog_director *
eclipse jetty *
redhat openshift_sandboxed_containers -
redhat ceph_storage 5.0
cisco prime_infrastructure *
redhat openshift_serverless -
f5 nginx *
f5 big-ip_policy_enforcement_manager 17.1.0
redhat openshift_container_platform_assisted_installer -
cisco firepower_threat_defense *
redhat jboss_enterprise_application_platform 7.0.0