Description
Kong Gateway provides an API for accessing various information and for configuring the gateway. Invicti determined that it was possible to access this API without authentication.
Remediation
Restrict access to the Kong Gateway API interface.
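One way to audit this remediation on your own gateway, as an added example (not Invicti's or Kong's code): the script below reads the `admin_listen` directive from `kong.conf` text and reports every entry bound to a non-loopback address. It assumes that binding the API to loopback is the chosen restriction; a flagged entry still needs a manual check, since it may be protected by a firewall or an authenticating proxy. Both sample configurations are constructed.

```python
import ipaddress

# Constructed sample kong.conf contents (not taken from any real deployment).
EXPOSED_CONF = """
# proxy traffic
proxy_listen = 0.0.0.0:8000, 0.0.0.0:8443 ssl
admin_listen = 0.0.0.0:8001, 127.0.0.1:8444 ssl
"""
RESTRICTED_CONF = """
proxy_listen = 0.0.0.0:8000
admin_listen = 127.0.0.1:8001, [::1]:8444 ssl  # loopback only
"""

def admin_listeners(conf_text):
    """Collect the address:port entries of every admin_listen directive."""
    entries = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip() == "admin_listen":
            # Entries are comma-separated; flags such as "ssl" follow the address.
            entries.extend(e.split()[0] for e in value.split(",") if e.strip())
    return entries

def exposed_admin_listeners(conf_text):
    """Return admin_listen entries bound to a non-loopback address."""
    exposed = []
    for entry in admin_listeners(conf_text):
        if entry.lower() == "off":                   # listener disabled
            continue
        host = entry.rsplit(":", 1)[0].strip("[]")   # handles [::1]:8444
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False                         # not an IP literal: review by hand
        if not loopback:
            exposed.append(entry)
    return exposed

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("restricted", RESTRICTED_CONF)):
        print(name, exposed_admin_listeners(conf))
```

Kong also accepts settings through `KONG_`-prefixed environment variables, so check `KONG_ADMIN_LISTEN` in the service environment as well as the file.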