This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: Apache APISIX's `batch-requests` plugin does not properly restrict user-supplied batch requests. <br>**Consequences**: Attackers can bypass Admin API IP restrictions, leading to **Remote Code Execution (RCE)**.…
**Root Cause**: **CWE-290** (Authentication Bypass by Spoofing). <br>**Flaw**: The plugin overrides the client IP using the `X-Real-IP` header.…
**Affected Products**: Apache APISIX. <br>**Versions**: <br>- **2.10.4** and earlier <br>- **2.12.1** and earlier <br>Default configurations with default API keys are most at risk.
Q4: What can hackers do? (Privileges/Data)
**Attacker Capabilities**: <br>- **Bypass Auth**: Trick the system into thinking requests come from localhost. <br>- **RCE**: Execute arbitrary commands via `filter_func` or `script` in routes.…
**Public Exploits**: **YES**. <br>Multiple PoCs exist on GitHub (e.g., Mr-xn, Axx8, Mah1ndra). <br>Tools available: Python scripts, Go exploits, and Nuclei templates for automated scanning.
Q7: How to self-check? (Features/Scanning)
**Self-Check**: <br>1. Scan for the `apisix/batch-requests` endpoint. <br>2. Check whether the `X-Real-IP` header is accepted or overwritten. <br>3. Use the Nuclei template `CVE-2022-24112.yaml`. <br>4.…