Security for everyone

CVE-2020-11710 Scanner

Detects the 'Improper Access Control' vulnerability in the docker-compose template of Kong; affects v. 2.0.3.


Short Info

Level: Critical
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 30 sec
Scan only one: Url
Parent Category

CVE-2020-11710 Scanner Detail

Kong is a widely used open-source API gateway that enterprises rely on to manage, secure, and extend APIs. To help developers get started quickly, the project offers a docker-compose template that simplifies setting up Kong in a local development environment. The template is meant for users who want to experiment with and try out Kong as part of their development process.

Recently, a vulnerability was reported in Kong's docker-compose template that could allow attackers to reach the admin API port through interfaces other than 127.0.0.1. It was assigned the identifier CVE-2020-11710. The vendor, however, disputes the CVE, stating that it is not a vulnerability: according to the vendor, the issue lies in Kong's docker-compose template and not in the Kong gateway image itself, and the instructions for protecting the admin API had already been documented back in 2017, which in the vendor's view makes the CVE irrelevant.

If the CVE is truly a vulnerability, attackers could gain unauthorized access to the admin API port and use it to manipulate and control the exposed endpoints. This could lead to malicious activity such as modification of API settings, exposure of sensitive data, tampering with the gateway's security settings, and more. Worst of all, businesses could suffer severe financial and reputational damage from the misuse of their APIs.
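To make the exposure concrete, here is an added illustration, written for this page and not taken from Kong's own docker-compose template: a compose service definition that publishes the admin API port on every host interface, followed by the corrected port mapping that binds it to the loopback address only. The port numbers (8000 for the proxy, 8001 for the plaintext admin API) and the KONG_ADMIN_LISTEN variable are Kong defaults as I understand them and should be checked against the version in use; the service names are placeholders.

```yaml
# Added example (not Kong's own compose file). Service names are placeholders;
# port numbers and KONG_ADMIN_LISTEN are assumed Kong defaults.
services:

  # Weak: "8001:8001" publishes the admin API on 0.0.0.0, i.e. on every
  # interface of the Docker host, so anything that can reach the host can
  # reach the admin API.
  kong-exposed:
    image: kong:2.0.3            # version named on the page
    environment:
      KONG_ADMIN_LISTEN: "0.0.0.0:8001"
    ports:
      - "8000:8000"              # proxy port
      - "8001:8001"              # admin API reachable from any interface

  # Corrected: prefix the host side of the mapping with 127.0.0.1 so the
  # admin API is only reachable by processes on the Docker host itself.
  kong-hardened:
    image: kong:2.0.3
    environment:
      KONG_ADMIN_LISTEN: "0.0.0.0:8001"   # listen address inside the container;
                                          # host exposure is decided by "ports" below
    ports:
      - "8000:8000"
      - "127.0.0.1:8001:8001"    # admin API bound to loopback on the host only
```

After bringing the stack up, a quick check on the host is to list listening sockets (for example with `ss -ltn` or `netstat -ltn`) and confirm that the admin port shows a local address of 127.0.0.1 rather than 0.0.0.0 or `*`. Binding to loopback is the template-level fix; a host firewall rule for the admin port remains a sensible second layer, since the loopback binding only applies to the host's own interfaces.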

Overall, thanks to the pro features of the securityforeveryone.com platform, businesses can quickly and easily identify any vulnerabilities in their digital assets, including Kong. The platform continuously monitors and scans for any potential threats, allowing businesses to take preemptive actions before it's too late. By staying vigilant and proactive, businesses can ensure that their APIs remain secure and protected from any malicious attacks.
