Description

Kong Gateway is an open-source, lightweight API gateway. Kong comes with an internal RESTful Admin API for administration purposes. Requests to the Admin API can be sent to any node in the cluster, and Kong will keep the configuration consistent across all nodes.

It was discovered that it's possible to access the Kong Gateway Admin API without authentication. It's recommended to restrict access to the Kong Admin API. It is best practice to expose the Kong Gateway Admin API to localhost only.

Remediation

It's recommended to restrict access to the Kong Admin API.

References

Metasploit Modules for RCE in Apache NiFi and Kong API Gateway

Related Vulnerabilities

Spring Boot Misconfiguration: Admin MBean enabled

Tomcat status page

Session ID in URL

Roundcube security updates 0.8.6 and 0.7.3

Apache stronghold-status enabled

Severity

Medium

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Configuration