Enhancement: cves/2022/CVE-2022-24112.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-03-08 10:51:53 -05:00
parent c2fba36a7a
commit 1ce8284cbe
1 changed file with 5 additions and 2 deletions


@ -1,8 +1,9 @@
id: CVE-2022-24112
info:
name: Apache APISIX apisix/batch-requests RCE
description: Apache APISIX apisix/batch-requests plugin allows overwriting the X-REAL-IP header to RCE;An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.
name: Apache APISIX apisix/batch-requests Remote Code Execution
description: "A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An Apache APISIX apisix/batch-requests plugin allows overwriting the X-REAL-IP header to RCE. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed."
remediation: "Upgrade to 2.10.4 or 2.12.1. Or, explicitly configure the enabled plugins in `conf/config.yaml` and ensure `batch-requests` is disabled. (Or just comment out `batch-requests` in `conf/config-default.yaml`)."
author: Mr-xn
severity: critical
reference:
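Review bot: the second sentence of the new `description` line, "An Apache APISIX apisix/batch-requests plugin allows overwriting the X-REAL-IP header to RCE", is ungrammatical; suggest "The apisix/batch-requests plugin allows an attacker to overwrite the X-REAL-IP header, leading to remote code execution". The added `remediation` line only offers the upgrade and the plugin-disable workaround, yet the description itself says the impact depends on the default admin key being unchanged and the Admin API sharing a port with the data panel; consider also advising users to change the default admin key and bind the Admin API to a separate port or address, since commenting out `batch-requests` removes only one route around the IP restriction. Minor style point: "Or just comment out" reads informally for a remediation field.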
@ -75,3 +76,5 @@ requests:
group: 1
regex:
- 'GET \/([a-z-]+) HTTP'
# Enhanced by mp on 2022/03/08
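Review bot: the trailing `# Enhanced by mp on 2022/03/08` comment sits after the extractor's `regex` list, and YAML comments are dropped by any tooling that loads and re-serialises the template, so if this provenance is meant to be kept, recording it in the `info` block would be more robust. The hunk header also reports two added lines while only the comment is visible here, so please confirm the blank line separating the `regex` list from the comment is actually in the file.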