CVE-2020-11710: Kong API Gateway Unauthorized Vulnerability Alert
Recently, Kong issued a risk notification for an unauthorized access vulnerability in the Kong API Gateway's Admin RESTful API. The vulnerability is tracked as CVE-2020-11710 and is rated high severity.
Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway or API Middleware). Made available as an open-source project in 2015, its core values are high performance and extensibility.
Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.
With unauthorized access to the Admin API, an attacker can:
- Add routes to key intranet services
- Use Kong as a proxy node to sniff out the internal services that can be accessed
Affected versions
- Kong version 2.0.2 and below
We recommend that users install the latest patches in a timely manner.
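A defender-side check for the Admin API exposure this alert describes, as an added example that is not from Kong or the original alert: it parses a Kong `admin_listen` value (the `kong.conf` directive, also settable as `KONG_ADMIN_LISTEN`) and reports Admin API listeners bound to non-loopback addresses. The sample values are constructed, and treating loopback-only binding as the safe state is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample values in the format of Kong's admin_listen directive
# (kong.conf) / KONG_ADMIN_LISTEN (environment). Not taken from the alert.
SAMPLES = {
    "loopback-only": "127.0.0.1:8001 reuseport backlog=16384, 127.0.0.1:8444 http2 ssl",
    "all-interfaces": "0.0.0.0:8001, 0.0.0.0:8444 ssl",
    "mixed": "127.0.0.1:8001, [::]:8444 ssl",
    "disabled": "off",
}

def parse_admin_listen(value):
    """Split an admin_listen value into (host, port, flags) tuples."""
    listeners = []
    for entry in value.split(","):
        parts = entry.split()
        if not parts or parts[0].lower() == "off":
            continue  # "off" disables the Admin API listener entirely
        m = re.fullmatch(r"(\[[0-9A-Fa-f:.]+\]|[^:\s]+):(\d+)", parts[0])
        if not m:
            raise ValueError(f"unrecognised listener: {entry.strip()!r}")
        listeners.append((m.group(1).strip("[]"), int(m.group(2)), parts[1:]))
    return listeners

def exposed_listeners(value):
    """Return listeners bound to anything other than a loopback address."""
    exposed = []
    for host, port, flags in parse_admin_listen(value):
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            # Assumption: a non-IP host is only trusted if it is 'localhost'.
            loopback = host == "localhost"
        if not loopback:
            exposed.append((host, port, flags))
    return exposed

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        hits = exposed_listeners(value)
        status = "EXPOSED" if hits else "ok"
        print(f"{name:15} {status:8} {[f'{h}:{p}' for h, p, _ in hits]}")
```
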