CVE-2021-3814

7.5 HIGH

📋 TL;DR

This vulnerability in 3scale's APIdocs allows attackers to bypass access controls by using invalid tokens that trigger fallback to session authentication. This could permit unauthorized access to API documentation and potentially sensitive information. Organizations using 3scale API Management with APIdocs enabled are affected.

💻 Affected Systems

Products:
  • Red Hat 3scale API Management
Versions: All versions prior to 2.11.0
Operating Systems: All platforms running 3scale
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with APIdocs functionality enabled. The vulnerability exists in the token validation logic when accessing API documentation endpoints.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete unauthorized access to all API documentation and potentially sensitive API specifications, credentials, or internal system details exposed through the documentation interface.

🟠 Likely Case

Unauthorized users accessing API documentation that should be restricted, potentially revealing API endpoints, parameters, and authentication mechanisms.

🟢 If Mitigated

No impact if proper token validation is enforced or if APIdocs is disabled for sensitive environments.

🌐 Internet-Facing: HIGH - APIdocs endpoints are often exposed externally for developer access, making them prime targets.
🏢 Internal Only: MEDIUM - Internal systems could still be compromised if attackers gain network access or through insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to APIdocs endpoints but doesn't require valid credentials. Attackers can simply provide invalid tokens to trigger the fallback mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11.0 and later

Vendor Advisory: https://access.redhat.com/security/cve/cve-2021-3814

Restart Required: Yes

Instructions:

1. Update 3scale API Management to version 2.11.0 or later.
2. Apply the update through your deployment method (container, RPM, etc.).
3. Restart all 3scale components.
4. Verify the fix by testing token validation.

🔧 Temporary Workarounds

Disable APIdocs (scope: all)

Temporarily disable the APIdocs functionality if it is not required: edit the 3scale configuration to disable the APIdocs endpoints.

Network Access Control (scope: all)

Restrict access to APIdocs endpoints using network controls: configure firewall rules to limit which sources can reach the APIdocs endpoints.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate APIdocs endpoints from untrusted networks
  • Deploy a web application firewall (WAF) with rules to detect and block invalid token exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Test APIdocs endpoint with invalid token - if it falls back to session auth and grants access, system is vulnerable.

Check Version:

oc get pods -n 3scale -o jsonpath='{.items[*].spec.containers[*].image}' | grep -o '3scale-amp:[0-9.]*'

Verify Fix Applied:

Test APIdocs endpoint with invalid token - should return proper authentication error instead of falling back to session.
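The flaw described in the TL;DR and the two verification checks above come down to one decision in the authentication flow: what happens when a supplied token fails validation. The following is an added illustration, not 3scale's code; the request shape, the token and session stores, the status codes and the `is_vulnerable` probe are all assumptions chosen to show the pattern. The vulnerable flow treats an invalid token as "no token" and falls through to session authentication; the fixed flow treats a supplied token as authoritative and returns an authentication error.

```python
"""Model of the APIdocs token-validation flaw behind CVE-2021-3814.

Added example, not 3scale code. Request fields, the token/session stores
and the response codes are assumptions used to show the pattern: an invalid
access token must be an authentication failure, never a trigger for a
fallback to session authentication.
"""
from dataclasses import dataclass
from typing import Callable, Optional

VALID_TOKENS = {"tok-constructed-valid"}        # constructed sample data
ACTIVE_SESSIONS = {"sess-constructed-active"}   # constructed sample data


@dataclass
class Request:
    token: Optional[str] = None           # access token header/parameter, if sent
    session_cookie: Optional[str] = None  # session cookie, if sent


def authorize_vulnerable(req: Request) -> int:
    """Flawed flow: a rejected token silently falls through to session auth."""
    if req.token is not None and req.token in VALID_TOKENS:
        return 200
    # BUG: a token that was supplied but failed validation is simply ignored,
    # so the request is handled as if no token were sent and the session
    # branch decides access instead of the token check.
    if req.session_cookie in ACTIVE_SESSIONS:
        return 200
    return 401


def authorize_fixed(req: Request) -> int:
    """Hardened flow: a supplied token is authoritative; invalid means 401."""
    if req.token is not None:
        return 200 if req.token in VALID_TOKENS else 401
    # Session authentication is only consulted when no token was presented.
    if req.session_cookie in ACTIVE_SESSIONS:
        return 200
    return 401


def is_vulnerable(authorize: Callable[[Request], int]) -> bool:
    """The 'Check if Vulnerable' step as a probe against an authorizer:
    an invalid token must not end in a 200, whatever session accompanies it."""
    probe = Request(token="tok-constructed-INVALID",
                    session_cookie="sess-constructed-active")
    return authorize(probe) == 200


if __name__ == "__main__":
    for name, fn in (("vulnerable", authorize_vulnerable), ("fixed", authorize_fixed)):
        print(f"{name}: invalid token + session -> {fn(Request('tok-constructed-INVALID', 'sess-constructed-active'))}")
```

Against a real deployment the same probe is an HTTP request to the APIdocs endpoint carrying a deliberately malformed token: a 200 after the fallback means unpatched, an authentication error means the 2.11.0 behaviour is in place.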

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed token validations followed by successful session authentication
  • Access to APIdocs endpoints without valid token headers

Network Indicators:

  • Unusual patterns of requests to APIdocs endpoints with malformed tokens
  • Traffic to APIdocs from unauthorized IP ranges

SIEM Query:

source="3scale-logs" AND (message="invalid token" OR message="fallback to session") AND status="200"
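The SIEM query above matches single events; the first log indicator ("failed token validations followed by successful session authentication") is a sequence per client. The script below, an added example rather than 3scale tooling, correlates the two within a time window. The log line layout, the field names, the `/apidocs` path prefix and the sample lines (TEST-NET addresses) are all constructed; adapt `LINE_RE` to the format your 3scale components actually emit.

```python
"""Correlate APIdocs log events for the CVE-2021-3814 fallback pattern.

Added example, not 3scale tooling. The line format, field names, path
prefix and the sample log are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ts>\S+) client=(?P<client>\S+) path=(?P<path>\S+) '
    r'auth=(?P<auth>\S+) result="(?P<result>[^"]*)" status=(?P<status>\d{3})$'
)

# Constructed sample log (TEST-NET addresses, fictional paths), deliberately
# out of order to exercise the sort step.
SAMPLE_LOG = """\
2021-09-15T10:12:01Z client=203.0.113.7 path=/apidocs/services.json auth=token result="invalid token" status=401
2021-09-15T10:12:02Z client=203.0.113.7 path=/apidocs/services.json auth=session result="fallback to session" status=200
2021-09-15T10:15:40Z client=198.51.100.4 path=/apidocs/services.json auth=token result="ok" status=200
2021-09-15T10:20:05Z client=203.0.113.9 path=/apidocs/services.json auth=token result="invalid token" status=401
2021-09-15T11:30:00Z client=203.0.113.9 path=/apidocs/services.json auth=session result="fallback to session" status=200
2021-09-15T10:21:00Z client=198.51.100.5 path=/admin/api/accounts.json auth=token result="invalid token" status=401
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["status"] = int(ev["status"])
    return ev


def find_fallback_bypass(log_text, window_seconds=300):
    """Return (client, invalid_token_ts, success_ts) triples.

    A hit is an invalid-token failure on an APIdocs path followed, from the
    same client within `window_seconds`, by a 200 granted via session auth
    on an APIdocs path. Requests outside /apidocs are ignored; a successful
    token-authenticated request is normal and never flagged.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    pending = defaultdict(list)  # client -> timestamps of recent invalid-token failures
    hits = []
    for e in events:
        if not e["path"].startswith("/apidocs"):
            continue
        if e["result"] == "invalid token":
            pending[e["client"]].append(e["ts"])
        elif e["status"] == 200 and e["auth"] == "session":
            recent = [t for t in pending[e["client"]]
                      if (e["ts"] - t).total_seconds() <= window_seconds]
            if recent:
                hits.append((e["client"], recent[-1], e["ts"]))
                pending[e["client"]] = []  # each failure is correlated once
    return hits


if __name__ == "__main__":
    for client, failed_at, granted_at in find_fallback_bypass(SAMPLE_LOG):
        print(f"possible fallback bypass: {client} invalid token at {failed_at}, "
              f"session access at {granted_at}")
```

With the default five-minute window only 203.0.113.7 is flagged; the second client's session access comes more than an hour after its failed token and is treated as unrelated, so tune `window_seconds` to how quickly the fallback fires in your deployment.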
