Impact
Apache APISIX’s openid-connect plugin performs insufficient verification of data authenticity, enabling attackers to spoof identity headers. Based on the description, this flaw allows an attacker to impersonate another user and access resources that require authenticated identities, which is inferred to potentially violate confidentiality and integrity. The weakness is classified as CWE-345: Information Exposure Through Spoofed Authentication Credential.
Affected Systems
The vulnerability affects Apache Software Foundation’s Apache APISIX from version 2.3 up through 3.16.0. The earlier and later releases are not affected.
Risk and Exploitability
The CVSS score of 5.3 indicates a medium risk. EPSS information is not available, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is inferred to be the submission of crafted HTTP requests to the APISIX gateway’s openid-connect plugin, exploiting the lack of header validation. The exploit does not require elevated privileges, so it can potentially be performed by remote actors who can reach the API gateway.
OpenCVE Enrichment