Abstract Advisory Information


WSO2 API Manager is an open source approach that addresses full API lifecycle management, monetization, and policy enforcement.

Documents uploaded as API documentation in the Publisher component are accessible to unauthenticated users.

Author: Julien Oury–Nogues

Version affected


Name: WSO2 API Manager

Versions: 2.6.0

Common Vulnerability Scoring System


4.3

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Patches


Unknown

References


None

Vulnerability Disclosure Timeline


  • 19/10/2018 – Vulnerability discovered
  • 22/10/2018 – Contact WSO2 security team
  • 29/10/2018 – Acknowledgement from WSO2 security team
  • 21/02/2019 – Public disclosure