Incorrect Default Permissions


Severity Medium
Score 6.5/10


Apiman versions 1.5.7.Final through 2.2.3.Final have insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman. Because of this, 3.0.0.Final is not affected by the vulnerability.

  • LOW
  • NONE
  • NONE
  • LOW
  • HIGH
  • NONE

CWE-276 - Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

Advisory Timeline

  • Published