RHSA-2017:1712 - Security Advisory
Security Advisory: Important
A security update for Red Hat 3scale API Management Platform 2.0.0 is now available from the Red Hat Container Catalog.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat 3scale API Management Platform 2.0 is a platform for the management of access and traffic for web-based APIs across a variety of deployment options.
- It was found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs. (CVE-2017-7512)
The underlying container image was also rebuilt to resolve other security issues. These were addressed via the following errata:
Red Hat would like to thank Ryan Nauman (TruCode) for reporting the CVE-2017-7512 issue.
To apply this security fix, use the updated docker images.
- Red Hat 3scale API Management Platform 2.0 x86_64
- BZ - 1457997 - CVE-2017-7512 3scale AMP: validation bypass in oauth