CVE-2020-11710
Published 2020-04-12
Priority P273 · critical · 9.8 (CVSS 3.1)
EXPLOIT
EPSS: 33.83% (98.2th percentile)
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links.

“1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only.

2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611. This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions, which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949). Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated GitHub repo to this issue) on the Hyperlink list does not include any meaningful information on this topic.”
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| konghq | docker-kong | <= 2.0.3 | — |
Detection & IOCs
- Probe GET {{BaseURL}} and {{BaseURL}}/admin/ for HTTP 200 responses containing all three strings: 'Welcome to kong', 'configuration', and 'kong_env' in the response body to identify an exposed Kong Admin API.
- Use Shodan query cpe:"cpe:2.3:a:konghq:docker-kong" to identify internet-exposed Kong Admin API instances.
- The vulnerability arises when the Kong Admin API port is bound to interfaces other than 127.0.0.1, making it remotely accessible without authentication.
- This issue only affects Kong deployments spun up via the docker-compose template, not the Kong docker image itself. It is not triggered in production deployments that follow Kong's security documentation.
- The vendor disputes this CVE, stating the bug scope is inaccurate and that the issue is not associated with any version of the Kong gateway itself.
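
The binding condition described above can be audited in a compose file before it is deployed. The following is an added example, not code from docker-kong or from this page: it assumes Kong's default Admin API ports (8001 and 8444), handles compose short-syntax port entries only, and runs on a constructed sample file.

```python
import ipaddress
import re

# Assumption: Kong's default Admin API ports (HTTP 8001, TLS 8444); the page names no port.
ADMIN_PORTS = {8001, 8444}
# Compose short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT (protocol suffix removed first).
SHORT_PORT = re.compile(r"(?:(\[[0-9a-fA-F:]+\]|\d+\.\d+\.\d+\.\d+):)?(?:(\d*):)?(\d+)")

def is_exposed(spec):
    """True if spec publishes an admin port on a non-loopback interface."""
    m = SHORT_PORT.fullmatch(spec.split("/", 1)[0])
    if not m or int(m.group(3)) not in ADMIN_PORTS:
        return False
    host_ip = m.group(1)
    if host_ip is None:  # no host IP: Docker publishes on every interface
        return True
    return not ipaddress.ip_address(host_ip.strip("[]")).is_loopback

def exposed_admin_bindings(compose_text):
    """Return the short-syntax port entries that expose the Admin API."""
    findings, ports_indent = [], None
    for line in compose_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if stripped == "ports:":
            ports_indent = indent
        elif ports_indent is not None and stripped.startswith("-") and indent >= ports_indent:
            spec = stripped[1:].split("#", 1)[0].strip().strip("\"'")
            if is_exposed(spec):
                findings.append(spec)
        else:
            ports_indent = None  # left the ports list
    return findings

# Constructed sample, not the project's real template.
SAMPLE = """\
services:
  kong:
    ports:
      - "8000:8000/tcp"
      - "8001:8001/tcp"
      - "127.0.0.1:8444:8444/tcp"
  kong-dev:
    ports:
      - "0.0.0.0:8001:8001"
"""
print(exposed_admin_bindings(SAMPLE))
```

Entries flagged by the check are the ones to rewrite with an explicit `127.0.0.1:` host address or to remove from the published ports.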
CVSS provenance
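| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |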
No detection rules found.
Nuclei
Kong Admin <=2.03 - Admin API Access
nuclei·CVSS 9.8
CVE-2020-11710 [CRITICAL] Kong Admin <=2.03 - Admin API Access
Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.
Template:
```yaml
id: CVE-2020-11710

info:
  name: Kong Admin <=2.03 - Admin API Access
  author: pikpikcu
  severity: critical
  description: Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.
  impact: |
    Remote attackers can gain unauthorized administrative access to the Kong Admin API.
  remediation: |
    Upgrade to Kong version 2.0.3 or later to fix the vulnerability and ensure proper authentication and access control mechanisms are in place.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11710
    - https://github.com/Kong/kong
    - https://github
```
No writeups or analysis indexed.
- https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c
- https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611
- https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949
- https://github.com/Kong/kong